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[57] ABSTRACT 

A computer activation device comprised of at least one 
local computer system and at least one remote com- 
puter system, the computer systems are connected via a 
standard data communication interface by their own 
modems. An activator device is in electrical communi- 
cation with the data communication interfaces of the 
local and remote computer systems, such that the acti- 
vator device controls the application of operative 
power to the local computer system on receipt and 
recognition of a secure coded signal from the data com- 
munication interface of the remote computer system. 

19 Claims, 3 Drawing Sheets 
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phone security device which compares passwords from 
REMOTE CONTROL AND SECURE ACCESS FOR a master unit and a remote terminals slave unit. 

PERSONAL COMPUTERS A known device which powers up computer equip- 

ment remotely via a standard communication lines to 
This invention relates to a remote control for com- 5 transmit control and identification signals is U.S. Pat. 
puter systems and particularly to an apparatus for the No. 4,206,444 to Ferlan. However, such a device dis- 
activation and secure access of a remotely located com- closes and utilizes complicated and less flexible cir- 
puter system. cuitry in comparison to the simple and more flexible 

design of the present invention. "Ferlan does not allow 
BACKGROUND OF THE INVENTION io for changing access codes remotely because, codes are 
There is a need for a reliable and secure means for burn-in on a PROM. Furthermore, the invention is 
activating and accessing a remote computer or com- ' limited to a set number of characters for an access code 
puter system. One area in which the need is currently unable to provide greater security. Ferlan in relation to 
acute is in the transfer of data between a lap top or a the present invention has a number of hardware limita- 
portable computer and a remote data base computer 15 tions instead of software. 

system which is primarily stationary. There are two No known device provides a low cost simple solution 
problems. Either the portable computer is unable to t0 allow a remote terminal to activate or deactivate an 
contain all the data it needs to access for some applica- ^attended computer system and provide secure access 
tions; or it is not practical to keep a remote data base t0 ■ «• ™s and programs- 
computer system active continuously and vulnerable to 20 Currently, a means for providing secure access is 
unauthorized access only available on lar B e computer systems with an oper- 

It is therefore important to have an apparatus for atin « s y s + tem tha * * designed to provide this function, 

activating or de-activating a remote computer via a not V^f* ava,lab,c for * c c A °™° n «5* ™ < 

• i , . i*i u a j prolific so called personal computer. Additionally there 

serial link such as a convention^ telephone modem link. P £ ^ frQm ^ 

Upon detection of a recognizable and compatible trans- £ acccss ^ ^ 
mission through a modem, the present invention acti- As a of ^ t ^ 
vates a power switching device supplying power to the ^ dc £ apparatus for activating or de- 
local computer rendering it operative from a remote activatin J rcmotd locatcd com p UtC r via a serial 
location. Once operable, the invention software is ^ communication link such ^ but not Umited t0 a stan- 
loaded up and executed automatically to prevent any dafd tclcphonc / modcm 

further access or use until the correct code is transmit- ft fc mother object to prov ide an inexpensive means 

ted. Upon any interruption or termination of the trans- tQ allow access to a rcmote i y located computer 

mission the local computer is secured and deactivated. guch ^ bm not limited t0 a ^^0^ computer. 

No known device accomplishes these innovative tasks. 35 It h yct moXher t0 control and reduce the time 

In the past, devices for starting up a computer re- mm^d remote computer equipment is left powered up 

motely via telephone line has been utilized. For exam- and not used thereby increasing the systems life, reduce 

pie, U.S. Pat. No. 4,701,946 to Oliva et al: discloses a electrical consumption and protect the system from 

logic means between a modem and a computer, which power surges. 

monitors the modem output and then can activate the 40 i t ^ st in yet another object to be readily adaptable to 

computer. U.S. Pat. No. 4,723,269 to Summerlin, dis- conventional modem control and telecommunication 

closed a circuit for starting up an unattended computer programs currently in use. 

via phone line or by preprogramming by means of a ring i t i s still yet another object to have many remote 

detector and an optically coupled triac. In each of these computers to be able to securely access the home or 

disclosures, no mention of security coding is made. 45 jocaj computer. 

In U.S. Pat. No. 4,647,721 to Busam et al: a telephone Numerous other advantages and features of the in- 
activated power controller detects a telephone ringing vention will become readily apparent from the detailed 
signal or ofF-hook condition on an incoming telephone description of the preferred embodiment of the inven- 
line and powers up the stationary unattended computer tion, from the claims, and from the accompanying 
which is connected both directly and via a modem. In 50 drawings, in which like numerals are employed to des- 
the above references, no provisions have been made for ignate like parts throughout the same. 

"SSL^Si Vav^rded some security means, BRIEF SUMMARY OF THE INVENTION 

but differ vastly in other means. In U.S. Pat. No. The present invention is an apparatus for activating 
3,984,637 to Caudill et al; the system disclosed connects 55 or deactivating a remotely located computer via a serial 
a computer to a transmission path only when a predeter- communication link such as but not limited to a tele- 
mined code is received. Two individual codes are phone/modem link. A means to allow secure access to 
needed for operation. The drawback to this device is a remotely located computer via serial communication 
that the power supply to the unattended stationary link. The invention consists of a remote terminal or 
computer is not controlled requiring the computer to be 60 computer with a conventional modem which is in elec- 
on constantly and the resultant equipment failures and trical communication to telephone lines or a private 
breakdown caused thereby. network access which will carry signals to a local inter- 
Other coding security devices are known, but with- face point to be in electrical communication with sec- 
out the same function as the present invention. U.S. Pat. ond conventional modem which is in electrical commu- 
No. 4,006,316 to Bolgiano; discloses a telephone remote 65 nication with the present invention in order to receive 
control system with coding by the use of touch tone both control and data communication. The present 
transmitted digits without the use of a modem. U.S. Pat. invention and the external modem are supplied with 
No. 4,733,345 to Anderson; discloses a computer tele- operating power continuously. The local computer's 
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power is connected to the switched power source of the monitoring the status of an interconnect means or pub- 
present invention. A communication link connects the lie or private access network 45, the invention 10 awaits 
invention to the local computer which passes both con- a signal via connector ISO, cable 60 and connector 100 
trol and data exchange via this link. The power to the from the modem 40 signaling that a call has been an- 
local computer is controlled by the present invention. 5 swered and the caller has been identified as being a 
The control software which makes the invention opera- remote terminal or computer 35 requiring access to the 
tive and controls the local computer, can reside on a l oca J computer 25. Outlet 12 is uns witched and provides 
floppy disc, hard disc or any other non- volatile pro- power for other computer equipment or even modem 
gram storage medium that is used to provide boot-up 40. At this point, the invention 10, through power 
instructions to the local computer. The logic software, 10 switched outlet 15, provides power to the local corn- 
establishes, upon power up via request from the remote puter 25 which automatically accesses the security ac- 
terminal, through the telephone lines to the external cess software 20 which resides on a conventional floppy 
modem and then the present invention, if access to the * disk medium which is by read by disk drive 150 in local 
local computer should be granted upon the transmission computer 25 that prevents any access to the local com- 
of the proper coded password from the remote terminal 15 puter 25 until the proper coded password has been 
or modem. received from the remote terminal or computer 30 and 

BRIEF DESCRIPTION OF THE DRAWINGS modem 35. 

Upon receipt of the correct coded password a com- 

FIG. 1 depicts a schematic diagram of the present munition i^k b established via remote modem 35, 
invention and its interconnection to a remote and local 20 mterconnect mea ns 45, modem 40, interconnect cable 
systems; 60, the invention 10 and cable 70, between the remote 

FIG. 2 depicts a typical housing configuration of one termmaj 0f uter 30 ^ ^ local computer 25. 

° f 4^ e ? b u 0dune u tS °[ thC VXC l enX mve " tI f ; , ^ . Upon receipt of the correct coded password the in- 

FIG. 3 shows the schematic diagram of the electronic terconnect means 45 or coinmun ication link between 

circuitry involved in an alternative embodiment of the 25 ^ femote QT computer 3o and mo dem 35, and 

^ct 1 )- 0 ^ . • u r r*u the local computer 25 is established. The remote termi- 

* 4 de Pf s a housin S COnflguratlon of ** nal or computer 30 and modem 35, virtually -become the 

present invention; .... - local computer's 25 keyboard or console device 50 

FIG. 5 depicts an alternative housing configuration " * j 

of the present invention; and 3Q thereby altov^g Wl awess to Ae local computer s 25 

FIG 6 depicts the preferred embodiment of the elec T f°^ « ,f rem ° te °f! rat ? r W ' re «n f T 

tronic circuitry of the present invention. of local computer's 25 keyboard 50 and d B p ay 

screen 55. When access is no longer required or the 

DESCRIPTION OF THE PREFERRED • carrier is lost, the local computer 25 is deactivated 

EMBODIMENT 35 thereby conserving energy and extending its useful life. 

While the invention is susceptible of embodiment in Depicted in FIGS. 1 and 6 is a suggested schematic of 
many different forms, there is shown in the drawings ^ electronic circuitry mvolyed in the preferred em- 
and will be described herein in detail, a preferred and bodiment of the invention. Modem 40 is powered by 
alternative embodiment of the invention. It should be P° wer ™* 145 outlet 140. Connector 150 on 
understood, however, that the present disclosure is to 40 modem 40 interconnects all of the signals earned by the 
be considered an exemplification of the principles of the interface cable 60 to connector 100 on invention 10. 
invention and is not intended to limit the spirit and Connector 65 on invention 10 mterconnects all of the 
scope of the invention and/or claims of the embodiment a*™ 18 brought in on connector 100 and forms a con- 
illustrated, nection with interface cable 70 which in turn connects 

As depicted in FIG. 1, the present invention 10 com- 45 t0 tnc serial communication port of local computer 25. 
prising of a remote controlled power switched outlet A current limiting resistor 75 (typical value of 220 
15, unswitched outlet 12 and security access software 20 ohms) is used in conjunction with zener diode 85 (typi- 
which allows the local computer 25 to be accessed by a device 1N4732) to form a controlled voltage source 
remote terminal or computer 30 and modem 35 without fed *>y a portion of the current being used to signal that 
operator intervention when the local computer 25 is not 50 ^ Q carrier of the remote terminal or computer 30 and 
currently activated. The invention 10 also de-activates modem 35 has been detected and is present, establishing 
the local computer 25 when access has terminated or the first precursor to accessing the local computer 25. 
has been denied. Access is only granted to a remote A current limiting resistor 80 (typical value of 100 
computer 30 and modem 35 that has transmitted the ohms) is used to pass a controlled current to the opto- 
proper coded password. The password resides in soft- 55 triac 90 (typical device MCP3011 or equivalent is corn- 
ware which is contained on disk 20 and is recognizable monly available from Motorola, Inc. of Schaumburg, 
and authenticated when disk 20 is read on local com- 111 ) activating and de-activating it in concert with the 
puter 25 in a conventional manner in response to com- carrier detect signal from modem 40. 
munication from an input entered into remote computer The optically activated triac 90 provides electrical 
30. It is understood that the password may also reside in 60 isolation between low voltage signals used within the 
other memory mediums and reside in or to be read by computer 25 and modem 30, so that the operator is 
remote computer 30. The invention 10 is utilized in prevented from coming in direct contact with the 110 
conjunction with an external modem 40 and requires no Volt alternating current utility power supplied by 
modification of either the local computer 25 or modem power cord 95 being used to power the invention 10 and 
40 hardware. 65 indirectly the local computer 25 by power cord 105. 

With the local computer 25 having power removed This is done to provide protection from possible electri- 

by the power switched outlet 15, and modem 40 being cal shock and to meet safety requirements and regula- 

powered up by power cord 145 and outlet 140 and tions. 
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A resistor 110 (typical value 220 ohms) in conjunc- 
tion with resistor 115 (typical value 2.2K ohms) and 
filter capacitor 120 (typical value 0. 1 uf) form a filtered 
current source used to control power triac 120 (typical 
device T810DJ which is commonly available from Tag 
Semiconductors Ltd., (A Raytheon Company) Hohl- 
strasse 608/610, CH-8048 Zurich, via the optically acti- 
vated triac 90 which in turn is being activated or de- 
activated by the carrier detect signal being generated by 
the modem 40. Power triac 120 in turn switches power 
to local computer 25 via switch receptacle 15. 

The values of the discrete components identified in 
the operative description above have been selected by 
the following criteria. Resistor values 75, 80 and zener 
diode 85 as depicted in FIG. 6, are selected to protect 
the opto-triac 90 from being damaged by higher than 
anticipated voltages being placed across connectors 65 
or 100. They are further selected to protect the opto- 
triac 90 from negative voltage intentionally generated 
by the typical line driver circuitry which is commonly 
used in the output of a modem 50. Furthermore, they 
are selected to guarantee operation in worst case sce- 
nario conditions and to provide sufficient signal level to 
a typical line receiver found commonly in the serial port 
of a computer 25. 

The maximum forward current opto-triac 90 in the 
case of the MCP3011 can tolerate is 60 milliamps, A 
zener diode 85 in the case of a IN4732 at the common 
node of resistors 75 and 80, limits the voltage to 4.7 
volts. Therefore the maximum current to the opto-triac 
90 is calculated as: (Zener reverse voltage— Opto-triac 
forward voltage)/Resistor 80 resistance. Inserting typi- 
cal values: (4.7- 1.2)/100 = 35 milliamps. The maximum 
reverse voltage the opto-triac 90 can tolerate is 3.0 
volts. Zener diode 85 limits this voltage to its forward 
drop of 0.7 volts. Resistor 75 assists in limiting the 
power dissipated in zener diode 85 while decreasing 
loading insuring that a line receiver will continue to 
operate reliably. 
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36th Way, Redmond, Wash.) MS-DOS AUTOEXEC- 
BAT handling facility and the invention's security ac- 
cess software 20. Shown in the table below are the 
invention's security access software commands that are 
placed in the AUTOEXEC.BAT file and a description 
of their functions. One of ordinary skill in the art would 
understand these common functions in common com- 
mercially available software such as this. Micro-Soft's 
MS-DOS AUTOEXEC.BAT handling facility allows 
the computer 25 to execute a predetermined set of user 
defined commands located in the AUTOEXEC.BAT 
file located on computer 25 floppy disk drive 150 auto- 
matically upon power up, The invention's 10 security 
access software 20 inserts several commands into this 
AUTOEXEC.BAT file to do the following: 



COMMAND 



DESCRIPTION OF FUNCTION 



echo off Suppresses my output from local 

computer 25 including the echoing 
back of inputted information, 
mode com 1:1 200,11,8,2 Sets up a compatible serul interface 

protocol with the external modem 40 via 
cable 70, connector 63, invention 10, 
connection 100, cable 60 and connector 
150. 

psw 1 PASSWORD Invention's secure access software 20 that 
inputs an ASCII string terminated by a 
carriage return from the remote computer 
or terminal 30 and modem 35 via afore* 
mentioned communication link, compares 
it to the PASSWORD string placed in 
this command, and continues to repeat this 
process and in doing so suspends any 
further usefulness of local computer 25 
until a password match is made, 
cttycoml : Re-directs local computer 25 console 

functions, keyboard 50 and display 55 to 
the remote computer or terminal 30 and 
modem. 3 5 via aforementioned communi- 
cation link. 



The result is that upon power up of local computer 25 
The minimum current that the opto-triac 90 requires 40 by the invention 10 as a result of the action of remote 



is 5 milliamps. Therefore given a worst case scenario, if 
a line driver is powered with a +/-5.0 volt supply it 
can only supply 4.7 volts to the output and would typi- 
cally have a source impedance of no more than 370 
ohms. With resistor 75 and 80 being values 220 and 100 45 
ohms respectively, the minimum current will be: (line 
driver output voltage— opto-triac forward voltage 
drop)/(line driver source impedance— resistor 75 -resis- 
tor 80). Inserting in the typical values: 
(4.7-l.2)/(370-r-220+100)=5.07 milliamperes. Even in 
this worst case scenario -the resultant voltage is suffi- 
cient to meet a line receivers input requirements. It is 
understood that different combinations of component 
values will likewise perform commensurately per the 
criteria and calculations suggested above. ■ 

A fuse 130 (typical value of 5 amps) provides over 
current protection to the invention 10 and local com- 
puter 25. 

A bypass switch 135 (typically a single pole, single 
throw type or the equivalent) allows power to be ap- 60 
plied to the local computer 25 directly, overriding the 
control imposed by the presence or absence of the car- 
rier detect signal, allowing local operation of computer 
25. 

Secure access of local computer 25 is achieved by the 65 
joint use of conventional software techniques and soft- 
ware commercially available, such as, but not limited 
to, Micro-Soft's (Microsoft Corporation, 16011 NE 



50 



55 



computer or terminal 30 and modem 35 seeking access 
to local computer 25, secure access of local computer 25 
is awarded upon recognition of a password being any 
set of ASCII characters that the software is pre-pro- 
grammed to recognize, thereby granting entry to the 
full functionality of the local computer 25*s operating 
system, data, programs or in general use if accessing 
user at remote computer 30 was in the presence of local 
computer 25. 

Passwords in the software once accessible may be 
changed as desired by the user at either the local com- 
puter 25 or remote computer 30. 

Depicted in FIGS. 1 and 3 is a electronic circuitry 
schematic of an alternative embodiment of the inven- 
tion 10, Its operation is simply and effectively described 
as follows. The connector 100 on invention 10, acts as 
an interconnect between the modem 4 and the serial 
port of the local computer 25 via connector 65. All 
signals from the modem 40 and computer 25 are passed 
via this connection which to the electronical communi- 
cation transmitted so that the invention 10 appears to be 
electronically transparent One particular signal, 
namely the carrier detect from modem 40 which is 
sensed by a conventional sensitive electromechanical 
relay 220 (typical device Stancor Part No. MS64-931 
manufactured by Hamilton Standard Controls, 131 
Godfrey, St Logansport, Ind.) via rectifying diode 225 
(typically a 1N914 or equivalent) which is carried by 
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interconnecting cable 60 and generated by modem 40 in 
response to a signal carried via the interconnect means 
45 which is placed thereupon from remote computer or 
terminal 30 by local modem 35 when computer or ter- 
minal 30 requires access to remote computer 25. Diode 5 
225 is used to isolate the proper sense of the carrier 
detect signal which conforms to any standard data com- 
munications interface in use and commonly available. 

A standard data communication interface specifies 
various electrical and mechanical characteristics for 10 
communication interfaces between computers, termi- 
nals, and modems, including an interface consisting of 
25 pins or leads, each of which provides a function, such 
as timing, control, or the sending of data. The present 
invention is not intended to be limited to this standard 15 
interface solely and it is envisioned that other standards 
will likewise be applicable. The preferred embodiment 
may use a well known specification known as Elec- 
tronic Industries Association's RS232-C specification 
which provides a positive voltage relative to ground 
indicating carrier present and negative voltage relative 
to ground indicating not present. The carrier detect 
signal is generated by the modem 40 when the carrier 
from a remote modem 35 is detected and found to be ^ 
compatible for the communication exchange required. 
The sensitive electromechanical relay 220 in turn ap- 
plies power via relay contacts 230 to the local computer 
25 via power receptacle 15. Power plug 95 is connected 
to the source of uninterruptable power while fuse 245 3Q 
offers over current protection to the invention 10 and 
local computer 25. A bypass switch 135 (typically single 
pole-single throw or equivalent) imposed by the pres- 
ence or absence of the carrier detect signal, allowing 
local operation of computer 25. 35 

FIG. 2 depicts another method of housing the present 
invention. The components identified are the same as 
those shown in the preferred embodiment. 

FIG. 4 depicts one method of packaging the circuitry 
where by all the communication lines are passed 40 
through the power switching enclosure. The compo- 
nent features numbers are for the same as shown in the 
preferred embodiments. 

FIG. 5 depicts another method of packaging the 
circuity where by only the necessary communication 45 
signals are tapped off a cable adapter 400 which is of 
RS232-C or equivalent near the modem or the comput- 
er's serial port then carried back to the power switching 
enclosure. 

Depicted in FIG. 6 is the schematic of the electronic 50 
circuitry involved in the preferred embodiment of the 
invention. 

The foregoing specification describes only the pre- 
ferred embodiment of the invention as shown. Other 
embodiments besides The ones shown, described and 55 
claimed may be articulated as well. The terms and ex- 
pressions therefore serve only to describe the invention 
by example only and not to limit the invention. It is 
expected that others will perceive differences which 
while differing from the foregoing, do not depart from 60 
the spirit and scope of the invention herein described 
and claimed. 

What is claimed is: 

1. A secure activator device for use in activating 
computer equipment remotely, comprising: 65 
a first computer system having an interconnect means 
for communicating with other computers re- 
motely, said first computer system having a first 



8 

modem in electrical communication with said in- 
terconnect means; 

at least one second computer system having an inter- 
connect means for communicating with other com- 
puters remotely, said at least one second computer 
system having a second modem in electrical com- 
munication with said interconnect means; and 

activator means for providing power to said first 
computer system, said activator means in electrical 
communication between said first modem and said 
second modem by said interconnect means, such 
that when at least one said second computer system 
requests data communication with said first com- 
puter system by communicating a password to said 
activator means, which upon recognition thereof 
said activator means provides power to said first 
computer system and thereupon authentication of 
the password by computer software stored in said 
first computer system, said activator means pro- 
vides electrical communication access to said first 
computer system. 

2. The secure activator device of claim 1, wherein 
said activator means is comprised of circuitry having a 
power activating triac which is conditioned by a carrier 
signal generated by said second modem. 

3. The secure activator device of claim 1, wherein 
said activator means is comprised of circuitry having a 
power activating triac which first is conditioned by a 
carrier detect signal generated by said first modem. 

4. The secure activator device of claim 3 wherein said 
activator means is further comprised of an optically 
isolated triac. 

5. A secure activator device for use in activating 
computer equipment remotely, comprising: 

a first computer system having an interconnect means 
for communicating with other computers re- 
motely, said first computer system having a first 
modem in electrical communication with said in- 
terconnect means; 

at least one second computer system having an inter- 
connect means for communicating with other com- 
puters remotely, said at least one second computer 
system having a second modem in electrical com- 
munication with said interconnect means; and . 

activator means for providing power to said first 
computer system, said activator means in electrical 
communication between said first modem and said 
second modem by said interconnect means, such 
that when at least one said second computer system 
requests data communication with said first com- 
puter system by communicating a password to said 
activator means, which upon recognition and au- 
thentication of the password by computer software 
stored in said first computer system, said activator 
means provides electrical communication access to 

. said first computer system. 

6. The secure activator device of claim 5 wherein said 
activator means is comprised of circuitry having a 
power activating triac which is conditioned by a carrier 
signal generated by said second modem. 

7. The secure activator device of claim 5 wherein said 
activator means is comprised of circuitry having a 
power activating triac which first is conditioned by a 
carrier detect signal generated by said first modem. 

8. The secure activator device of claim 6 wherein said 
activator means is further comprised of an optically 
isolated triac. 
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9. The secure activator device of claim 7 wherein said 
activator means is further comprised of an optically 
isolated triac. 

10. A secure computer activation device for use in 
activating a local computer system by a remote com- 5 
puter system comprising: 

interconnect interface means for electronically com- 
municating data between the local computer sys- 
tem and the remote computer system; and 

activator means for controlling the power to the local 10 
computer system, said activator means in electrical 
communication with said interconnect interface 
means between the local computer system and the 
remote computer system, said activator means 
supplies power to the local computer system and 
further electrical communication access via recog- 
nition of a password electrically communicated 
from the remote computer system through said 
interconnect interface means to the local computer 20 
system, wherein said password is recognized and 
authenticated by computer software stored in the 
local computer system. 

11. The secure computer activation device of claim 

10 wherein said interconnect interface means is further 25 
comprised of at least two modem. 

12. The secure computer activation device of claim 
10, wherein said activator means is comprised of cir- 
cuitry having a power activating triac which is condi- 
tioned by a carrier detect signal generated by said inter- 30 
connect interface means. 

13. The secure computer activation device of claim 

11 wherein said activator means is comprised of cir- 
cuitry having a power activating triac which is condi- 

35 



tioned by a carrier detect signal generated by said at 
least two modems. 

14. The secure computer activation device of claim 
13 wherein said power activating triac is an optically 
isolated triac. 

15. The secure computer activation device of claim 
10 wherein said password is a set of electronic signals 
recognized by said software stored in the local com- 
puter system. 

16. A computer activation device for use in securely 
activating a local computer system with modem by a 
signal communicated utilizing standard -interconnect 
lines from a remote computer system with modem, 
comprising: 

activator means for controlling the power to the local 
computer system, said activator means in data com- 
munication with the modems of the remote and 
local computer systems; said activator means pro- 
vides the power to the local computer system upon 
receipt and recognition by the local computer sys- 
tem of a required password from the remote com- 
puter system via the standard interconnect lines. 

17. The computer activation device of claim 16 
wherein said activator means is comprised of circuitry 
having a power activating triac which is conditioned by 
a carrier signal generated by the modem of remote 
computer system. 

18. The computer activation device of claim 17 
wherein said power activated triac is an optical acti- 
vated triac. 

19. The computer activation device of claim 16 
wherein said activator means comprises a relay to apply 
operative power to the local computer system. 
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[57] ABSTRACT 

In a computer system comprising a computer having a 
keyboard, and a display device connected to the com- 
puter, an improved position indicator means comprising 
a mouse having means responsive to movement thereof 
over a support surface for generating electrical signals 
indicating the positioning of the mouse, power source 
means carried by the mouse, circuit means powered by 
said power source means for generating and transmit- 
ting radio signals corresponding to said electrical signal, 
and processing means associated with said computer for 
receiving said radio signal and converting said radio 
signal into a display on said display device positioned 
corresponding to the positioning of said mouse. 

13 Claims, 2 Drawing Sheets 
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WIRELESS MOUSE APPARATUS 

Conventional types of such a mouse include a me- 
chanical type and an optical type. The mechanical type 5 
mouse is illustrated in FIG. 6 as described in greater 
detail here following. Briefly the mechanical type 
mouse includes a longitudinal direction sensor 18 and a 
lateral direction sensor 19 responsive to revolution of a 
sensing ball 17 adapted to roll on the subjacent surface. 10 
In. the optical type mouse, a light emitting diode and a 
phototransistor are associated with a grid or map to 
provide a signal corresponding to the distance and di- 
rection of movement of the mouse. The conventional 
mouse, whether it be the mechanical or optical type, is 15 
arranged to effect selective positioning of the cursor on 
the computer monitor screen by output signals coordi- 
nated with the state of a control switch for selectively 
executing a selected function. 

The physical connection of the mouse to the host 20 
computer by the cable undesirably restricts free move- 
ment of the mouse and may effect undesirable move- 
ment. Further constant bending or twisting of the cable 
may effect deterioration thereof so as to result in discon- 
nection or improper contact of connectors at opposite 25 
ends of the cable. 

Another problem arising from the conventional cable 
connected mouse is the handiness of the operation. Thus 
the conventional mouse is arranged for right handed 
operation rendering it difficult for use by left handed 30 
people. While a left handed mouse may be constructed, 
this requires a special configuration increasing the cost 
and presenting service and other similar problems. 
Where a left handed person uses the conventional right 
handed mouse, the cable is inconveniently disposed and 35 
may present interference problems. 

Still another problem with the conventional cable 
connected mouse is the limitation on the relative posi- 
tioning of the mouse with respect to the host computer 
occasioned by the innerconnecting wires. 40 

SUMMARY OF THE INVENTION 

The present invention comprehends an improved 
mouse type positioning indicator for use with a com- 
puter which eliminates the disadvantages of the above 45 
discussed prior art mouse devices in a novel and simple 
manner. 

More specifically the present invention comprehends 
the provision of a new and improved computer mouse 
or position indicator, which is arranged to provide indi- 50 
cations of the change in positioning of the mouse on a 
subjacent surface in the form of an electrical signal 
which is transmitted to the host computer by electro- 
magnetic radiation or radio waves. 

The invention further comprehends a provision of 55 
power source means within the mouse for operating the 
radio wave transmitting means. 

The invention comprehends that the host computer 
include radio wave receiving means for receiving and 
demodulating the transmitted radio wave from the 60 
mouse and circuitry for providing the resultant informa- 
tion signal for suitable use by the host computer. 

The mouse further includes switch means, the ar- 
rangement of which is also transmitted to the host com- 
puter for use in controlling the transfer of information. 65 

Coding of the transmitted signal into the necessary 
format for the specific host computer is effected at the 
receiver. Illustratively the decoded information may be 
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used to move a cursor on the display screen in corre- 
spondence with the movement of the mouse. 

A common signal from the switch associated with the 
mouse or from the input of the keyboard associated 
with the computer may be utilized, in cooperation with 
the positioning of the cursor so as to permit inputting of 
desired data to the computer. 

Thus more specifically the invention comprehends 
the provision in a computer system having a host com- 
puter including a keyboard and a display device con- 
nected to the computer, an improved position indicator 
means including a mouse having means responsive to 
movement thereof oyer a support surface for generating 
electrical signals indicating the positioning of the 
mouse, power source means carried by the mouse, cir- 
cuit means powered by said power source means for 
generating and transmitting radio signals corresponding 
to said electrical signal and processing means associated 
with said computer for receiving said radio signal and 
converting said radio signal into a display on said dis- 
play device positioned corresponding to the positioning 
of said mouse. 

Still further the invention comprehends the provision 
of such an apparatus including a mouse, a transducer for 
converting the position of the mouse on a subjacent 
surface into an electric signal indicitive of the position 
of the mouse, a switch carried by the mouse, radio 
transmitting means for generating a modulated radio 
wave signal corresponding to said electric signal and 
the arrangement of said switch, power source means 
carried by said mouse, receiving means for receiving 
and demodulating said signal from the radio transmit- 
ting means and means for utilizing the demodulated 
signal in a computer. 

In the illustrated embodiment, the radio wave trans- 
mitting means comprises frequency modulating means. 

In the illustrated embodiment the apparatus includes 
means for converting between analog and digital sig- 
nals. 

The invention comprehends providing means for 
permitting the mouse to transmit on any one of a plural- 
ity of different frequencies so as to permit selective use 
of a number of similar radio wave transmitting mice to 
different host computers within the same general envi- 
ronmental space. 

The computer device position indicator means of the 
present invention is extremely simple and economical 
construction while yet providing the highly desirable 
features discussed above. 

BRIEF DESCRIPTION OF THE DRAWING 

FIG. 1 is a block diagram illustrating circuitry of a 
mouse; 

FIG. 2 is a block diagram illustrating circuitry of a 
receiver; 

FIG. 3 is a front elevation of a prior art apparatus; 
FIG. 4 is a front elevation of apparatus of the present 
invention; 

FIG. 5 is an elevation of the control panel of the 
receiver; and 

FIG. 6 is a schematic illustration of one form of 
mouse transducer for use with the present invention. 

BEST MODE FOR CARRYING OUT THE 
INVENTION 

Referring now to FIG. 3, a conventional mouse 2 is 
supported upon a subjacent surface 3. The conventional 
mouse 2 is physically connected by a cable 4 to a host 
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computer 5, and data can be electrically transmitted via nal f 0 . The output of the programmable counter 38 is 
a cable 4 between the conventional mouse 2 and the coupled to the input of the phase-comparator 32. The 
host computer 5. The data is typically utilized to control phase locked loop oscillator 30 operates in a conven- 
the position of a cursor 6 on a display 7 of a monitor 8. tional manner and the programmable counter 38 con- 
Referring now to FIG. 4, a preferred embodiment of 5 trols the frequency of the voltage controlled oscillator 
the present invention comprises a radio wave mouse output signal f 0 . The programmable counter 38 is pro- 
(hereinafter mouse) 9 for transmitting data via a radio vided to vary the carrier frequency of the transmitted 
signal R to a receiving antenna 11 of a receiver 12 con- FM signal so that a plurality of mouses can operate 
nected to the host computer 5. The radio signal R is simultaneously at close positions without adversely 
transmitted from the mouse 9 by means of a transmitting 10 affecting each other. 

antenna 13 associated with transmitter circuitry 10 con- j t ^ desired that the transmitting band width be ap- 

tained within the mouse 9. proximately 10 to 20 KHz, the maximum transmitting 

The radio signal R comprises four position signals output power be approximately 1 mW and the maxi- 

consisting of an upper mouse position signal, a lower mum usable range from the host computer 8 be approxi- 

mouse position signal, a right side mouse position signal 15 mate i y 5 meters. Further, a power source such as a 

and a left side mouse position signal corresponding to chargeable battery (not shown) is preferably contained 

movement of the mouse in four orthogonally related m tne mouse 5 

directions. , A power source 43, for example a rechargeable bat- 
Further, the radio signal R comprises command sig- t lies dc r t0 ^ com p 0nents 0 f the trans- 
nals^eneratedin response to actuation of switches 14, 20 circuit 10 It ^ desired to ide 
15. Such switches and the use thereof are well known to switch means ^ for example a tQuch f()r ^ 
those skdled m the art. ing on the power source 43 only when the hand of an 
RefemngtoFIG : , 6, lUustratedis a mouse transducer op B erator is P contacted with the body of the mouse 5. 

16 utilized in conjunction with a mechanical type ^ mQm& ^ b convcrtQd to ^ ^ si ^ b 
mouse. The mouse transducer 16 comprises a ball 17, a 25 mouse d ^ *J£ * 
longitudmal direction sensor 18 and a lateral direction . . u * « j •« * « * 1 
sensor 19. Movement of the mouse 5 along the subjacent ter f t d t0 voIta ^ ?* tT ° l ™ oscl ! la 1 t0 f r f *™ n ?? 
surface 3 cause the ball 17 to rotate. Rotation of the ball. V0 K lta « e ' ^ ^ t data ^ ' ™-^ulated, amplified by 

17 causes a concurrent rotation of the longitudinal and a b + uffer ff ^ fie 5 41 ^. t ™™««" ™ a transmi tmg 
lateral direction sensors 18, 19. The longitudinal and 30 13 ' ™ e antenna 13 is preferably an 
lateral direction sensors 18, 19 reduce the movement of mt *** W located w T l ? in bodv °f the 

the mouse 5 into orthogonal components, and values of V1 ^fernng now to FIG. 2, instated generally is a 
the orthogonal components comprise the upper, lower, * lock ° f ^^ ve A r 12 * mch If wupled to the 
right side and left side position signals. host computer 5 (FIG 4). As indicated above, the re- 
Referring now to FIG. 1, illustrated is a block dia- 35 <; eiver 12 comprises the receiving antenna 11, a high 
gram of transmitter circuitry 10 contained within the frequency amplifier 44, a frequency converter 46, an 
mouse 9. Digital signals generated by the mouse trans- intermediate frequency amplifier 48, and a demodulator 
ducer 16 in response to movement of the mouse 9 along 

r the subjacent surface 3, hereinafter collectively referred A P hase locked loo P circuit 52 ' comprising a second 

>to as mouse data, are entered to a mouse data encoder 40 P** 3 ^ comparator 54, a second low pass filter 56, a 

20. second voltage controller oscillator 58, a second pro- 

: A first oscillator 22 coupled to a first frequency di- grammable counter 60 and a second switch 62 is oper- 

vider 24 generates a first oscillator signal having a fre- ated m a similar fashion to the first phase locked loop 

quency of 1 MHz. The first frequency divider 24 re- circuit 30 described above in conjunction with FIG. 1 

duces the frequency of the first oscillator signal by a 45 tn « transmitter circuitry 10. Thus for reception of 

factor of 100, generating a first divided signal having a *c radio wave signal R transmitted by the mouse 9, the 

frequency of 10 KHz. A second frequency divider 26 receiver 12 is tuned to the same carrier frequency as the 

coupled to an output of the first frequency divider 24 radio wave signal R. Hence the first programmable 

divides the first divider signal by a factor of 2, generat- counter 38 and the second programmable counter 60 

ing a 5 KHz sampling signal. 50 are set to the same value. 

The mouse data encoder 20 samples the mouse data at The receiver 12 receives the time series analog signal 

a frequency equal to the sampling signal and generates transmitted by the mouse 9 and the demodulator 50 

the mouse data as a time division multiplexed, or time demodulates the signal. The mouse data decoder 64 

series, digital signal to a mouse serial data voltage con- receives the demodulated analog mouse data signal and 

verter 28. 55 demultiplexes and digitizes same. Outputs of the mouse 

The transmitter circuitry 10 comprises a phase locked data decoder 64 are coupled to input ports of the host 

loop type FM transmitter comprising a phase locked computer 5, which receives the digital mouse data, 

loop oscillator 30. The phase locked loop oscillator 30 A mouse level meter 66 indicates the signal strength 

comprises a phase-comparator 32, a low pass filter 34, a of the received radio wave signal R. 

voltage controlled oscillator 36 and a programmable 60 Referring now to FIG. 5, illustrated is a front panel of 

counter 38. The programmable controller operates as a the receiver 12. The mouse level meter 66, as indicated 

frequency divider, and the division factor is determined above, displays signal strength of the radio wave signal 

by a first switch 40. R. A channel display 68 indicates the frequency at 

A voltage controlled oscillator output signal f 0 , gen- which the receiver 12 is currently tuned. , 

erated by the voltage controlled oscillator 36 is input to 65 It is desired to provide an interface for enabling the 

the programmable counter 38 and utilized as a feedback application of the present invention to computers of any 

signal. The programmable counter 38 divides the fre- architecture. It is possible to associate the receiver 12 in 

quency of the voltage controlled oscillator output sig- the body of the host computer 5. 



12/15/2003, EAST Version: 1.4.1 



In the embodiment described above, FM modulation 
has been described. However, the present invention is 
not limited to FM modulation, rather other modulation 
formats such as phase modulation or pulse width modu- 
lation may be employed. Further a radio wave mouse 
apparatus may have individual channels for each of the 
signals comprising the mouse data rather than multi- 
plexing the signals. 

According to the present invention as described 
above, the radio wave mouse apparatus is improved in 
operability, thereby remarkably improving the operat- 
ing efficiency of a personal computer. 

I claim: 

1. In a computer system comprising a computer hav- 
ing a keyboard and a display device connected to the 
computer, an improved position indicator means com- 
prising: 

a mouse having means responsive to movement 
thereof over a support surface for generating elec- 
trical signals indicating the position of the mouse; 

power source means carried by the mouse; 

circuit means, including a selectable frequency-set- 
ting means, carried by the mouse and powered by 
said power source means for generating frequency 
modulated radio signals corresponding to said elec- 
trical signals; 

an antenna within said mouse for transmitting said 
generated radio signals; and 

processing means associated with said computer for 
receiving the transmitted radio signal and convert- 
ing said radio signal into a display on said display 
device, said power source, circuit means, and an- 
tenna being cooperatively arranged to provide a 
transmitting output sufficient to effectively trans- 
mit said signals to said processing means to cause 
said display to be accurately positioned on said 
display device corresponding to the positioning of 
said mouse notwithstanding changes in the direc- 
tional positioning and noncontinuity in the line-of- 
sight path between said antenna and the processing 
means. 1 

2. The computer system of claim 1 wherein said dis- 
play comprises a cursor. 

3. The computer system of claim 1 wherein said 
means for generating said radio signal includes switch 
means. 

4. The computer system of claim 1 wherein said cir- 
cuit means are associated with said power source means 
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for selectively connecting the power source means to 
said circuit means. 

5. The computer system of claim 1 wherein said cir- 
cuit means includes means for selectively causing the 

5 carrier frequency of said radio signals to be any one of 
a plurality of different frequencies. 

6. The computer system of claim 1 wherein said cir- 
cuit means includes manually operable means for selec- 
tively causing the carrier frequency of said radio signals 

10 to be any one of a plurality of different frequencies. 

7. The computer system of claim 1 wherein said cir- 
cuit means includes means for selectively causing the 
carrier frequency of said radio signals to be any one of 
a plurality of different frequencies and said processing 

IS means includes means for selectively processing any 
one of said plurality of different frequencies. 

8. The computer system of claim 1 wherein said cir- 
cuit means includes means for selectively causing the 
carrier frequency of said radio signals to be any one of 

20 a plurality of different preselected frequencies. 

9. The computer system of claim 1 wherein said cir- 
cuit means includes a switch carried by the mouse and 
said frequency modulated radio wave signals corre- 
spond to said electric signals and the arrangement of 

25 said switch. 

10. The apparatus of claim 1 further comprising: 
data encoding means for sampling said electrical sig- 
nals to provide a time series digital signal; and 

a digital-to-analog converter for converting said digi- 
30 tal signal into an analog voltage for use in generat- 
ing said modulated radio wave signals, said radio 
transmitting . means having a voltage controlled 
oscillator using the converted analog voltage as the 
control voltage therefor. 
35 11, The apparatus of claim 10 wherein said FM trans- 
mitter comprises a variable frequency transmitter and 
said radio transmitting means includes a selection 
switch arranged to be selectively set to a desired trans- 
mitting frequency. 
40 12. The apparatus of claim 1 further comprising 
power source switch means for connecting the radio 
signal transmitting means to the power source means 
only when the hand of an operator is juxtaposed to the 
mouse. 

45 13. The apparatus of claim 9 further comprising inter- 
face means connected to said receiving means for pro- 
viding any one of a plurality of different forms of the 
converted radio signal for selective use by computers 
having different preselected corresponding architec- 

50 tures. 

***** 
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[57] ABSTRACT 

A system utilizing a personal identification badge to collect 
data and to provide access to a computer terminal. The 
personal identification badge includes circuitry and trans- 
ceiver components for transmitting identification informa- 
tion and exchanging other digital information with a com- 
puter terminal and other compatible devices. The personal 
identification badge establishes a wireless communication 
link with a computer terminal to allow a user to logon to the 
terminal. When a user leaves the computer terminal, the 
communication link is terminated, causing the computer 
terminal to lock the keyboard, blank the monitor, and/or 
logoff the user if the communication link is not restored 
within a sufficient time period. The personal identification 
badge includes means for encrypting and signing digital 
information. Adapted for use within a hospital, the system 
provides further means for establishing an affiliation 
between a personal identification badge and a patient, for 
collecting digital information from electronic devices that 
record or gather data regarding the status of a patient, for 
digitizing and recording dictation spoken into the personal 
identification badge, and for modifying the digital informa- 
tion so collected to conform to standards, such as those of a 
Java applet or the hypertext markup language, for interactive 
display on a universal display browser. 

32 Claims 26 Drawing Sheets 
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Base Contents: 



Minimum Information; 
Password or Private/Public Security Key(s) 



Optional Information: 

User Name 
User ID number 
User data base address 
Battery Replacement Date 
Device Disabled 

List of Additional Memory Contents 
Hospital specific information 
HTML formats or Java applets 
Access Privileges 
Occupation and specialty 

Public key and other identification information for each Security 
Verification System the security badge can be used with 



Figure 8 




Patient Identification Information: 



Minimum Information: 
Patient ED number 



Optional Information: 

Patient's name 

Patient's database address 

Medical Record Number 

Sex 

Age 

Weight 

Height 



Figure 9 



12/15/2003, EAST Version: 1.4.1 



U.S. Patent Sep. 28, 1999 Sheet 6 of 26 5,960,085 




Medication Moraiation: 



Minimum Information: 
Medication name(s) 

Quantity of medication dispensed in the container 

Optional Information: 
Patient's ID and /or name 
Patient's data base address 
Date and time read 
Date and time dispensed 
Date and time given 
Pharmacy prescription number 
Pharmacy medication dispensing number 
Person dispensing medication 
Data base address of person dispensing medication 



Figure 10 
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Dictation Information: 



360 



< 



Minimum Information: 
User Identification 
Date and time of dictation 
Length of dictation 
Digitized dictation 



v. 



Optional Information: 
Patient's ID and /or name 
Patient's database address 



Figure 1 1 
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Monitoring or Treatment Device Information: 



Minimum Information: 
Date and time information gathered 
Device identification and location 



Optional Information: 
Patient's ID and /or name 
Patient's database address 
Device settings 

Device measurements or readings 



Figure 12 
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<html> 
<body> 

<a href^Tittp:^ ww.st._maiy.springfield/demogr^)hics/98765432 l/19_MayJ996 M > 

ID: 98765432 Waxbr> 

Date: 13:42 19-May-1996<br> 

Report type: Medication Dispensing 

<br><br> 

<table border=2 cellspacing=5> 

<trxtd coispan=3 align=center>Medication Given:</tdx/tr> 
<trxtd>Penicillin</tdxtd> 1 00mg</td><td>2 capsules</td></tr> 
<trxtd>Tylenol w/Codeine</tdxtd>200mg</tdxtd>l capsule</td></tr> 
</table> 
<br> 

Dispensed by: 

<^ hrel^"http://hww.st._m 

Sam W. Johnston, R.N.</a>, at: 13:42 19-May-1996<br> 
<br> 

ID Device Serial Number: 1265338<br> 
</html> 



Figure 13B 
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420- 



ID: 987654321 

Date 13:59 19_May-1996 

Report Type: Medication Administration 





Medication Given: 




Penicillin lOOmg 


[ 2 capsules 








| Tylenol w/Codeinc 1 200mg 


1 1 capsule 



Dispensed bv: Sam W. Johnston. RM . at: 13:42 19-May- 1996 



ID Device Serial Number: 1265338 
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<httnl> 
<head> 

<title>Medication Administration</title> 
</head> 

<form action= 

"httpV/hvw.stjnary.spring^^ method^uP* 

<a href^"http://hww.stjn^ 
ID: 98765432 WaXbr> 



Report type: Medication Administration^)^ 
Patient ID Verified: YES 
<brxbr> 

<table border=2 cdlspacing=5> 

<trxtd colspan=3 align e: center>Medication Given; <7tdx/tr> 

<trxtd>Penicillin</td><td> 1 00mg</tdxtd> 

<select name=Penicillin> 

<option>2 

<option>1.5 

<option>l 

<optionX).5 

<option>none 

</select> capsules<Adx/tr> 

<tr><td>Tylenol w/Codeine</td><td>2()0rng</tdxtd> 

< select name=Tylenol_w/Codeine> 

<option>l 

<option>0.5 

<option>none 

</select> capsule</tdx/tr> 

</table> 
<br> 



Given by: 

<a href^'http^/hvAv.st^mary. springfield/rtafr_directory/M_T_Adamson.html"> 
MaryT. Adarnson, R.K</a>, at: 13:49 19-May-1996<br> 



Dispensed by: 

<a href^"http://hww.st._mary . springfield/stafF_directory/S_W_Johrison.html"> 
Sam W. Johnston, R.K</a> at: 13:42 19-May-1996<br> 
<br> 

ID Device Serial Number: 1265338<jr> 



Figure 14A 
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V 



<input type^hidden name=Pat.I.D. value= s: 987654321> 
<input type=hidden name=Pat.I.D.Addr 

vaiue«"http://hww.st._mary.springfield/demographics/987654321/19_May 
<input type=hidden name=Date valuc : =13:59 19-May-1996> 
<input type=hidden name=Report_type vdue^Medication_Administration> 
<input type=hiddcn name=Patient_ED Verified value=YES> 
<input type=hidden Qame=Medl value=Penicillin- 1 00mg-2_capsules> 
<input type=hidden name=Med2 value=Tylenol_w/Codeine-200mg-l_capsule> 
<input type?=hidden name=Given_by 
value=http://"hww.st_mary.sprin^ 
R.N-13 :49J 9~May-1996> 
<input type^hidden name^DispensedJby 

vaJue=h^://"hww.stjnary.spring^^ W_Johnson.html" Sam_W_Johngton s _R. 

N.-13:42_19-May-1996> 

<input type=hidden name=ID_DeYice_Serial_Nuniber value=l265338> 
<br> 

<input type^submh value=Approve&#information> 



</html> 
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ID: 987654321 

Report Type: Medication Administration 
Patient ID Verified: YES 




Given by: Mary T. Adamsoru at: 13:49 19-May-1996 

Dispensed by: Sam W. Johnston. UN. . at: 13:42 19-May- 1996 

ID Device Serial Number: 1265338 



Approve Information 



Figure 14B 
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Request 
Response 



> 



Computer terminal dispatches an 
interrogation signal to poll the existence 
and identity of a security badge within signal 
range. 



Wait for a 
eriod of time . 




608 



NO 




I Attempt to decrypt response and use verification algorithm 
[ to compare results with the interrogation signal. 




NO 



/as the 
return 
response 
successfully 
decrypted and 
verified 



620 



Yes 



Figure 15A 
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Disable the recognition of this user's security badge by the 
computer system. Notify system security administration of a 
possible attempt to breach security, identifying the security 
;e and the computer terminal where the attempt occurred. 



3 



Cpo to Request Response ^ 



644 



J 



0 



'648 



Log the user onto the computer system. Provide the user 
.access to databases and program features as allowed. 



'652 



Transfer data records, if any, stored and flagged by 
security badge for transfer to a database 



:> 



656 



Wait temporarily before 
transmitting next signal 



C 



660 



Transmit recommitment signal. 



Figure 15C 
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Blank monitor screen and disable all user-directed 
input/output operations 



© 



Figure 15D 
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The original system user is still using the computer 
system. Reset the idle / invalid link counter and restore 
screen and processor to normal operation if it was 
previously disabled 




704 



( Go to WaiQ 



The output of the verification algorithm 
matches the identity of another user. 




( Goto Wait > «— 




A new user is recognized, but the current user 
as not been away long enough yet 



£ 



Log original system user off the computer system. Overwrite and 
delete any memory cache or temporary workspace used by user or 
^application program run by the user. Logon new system user. 



(ho to Check ^\ 
Vfirst Attempt J 



Figure 1 5F 
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^aitforMessagQ » ^ Wait to receive a signal 
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Turn power off for a period of time, and return to 
ower on state 



736 



(^Process and identify signal. 
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Figure 16A 
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744 



YES 



752 



Pause to allow addressed security badge to 
respond first. 



C 



T 



756 



Transmit identification signal to indicate 
presence of instant security badge 

( Go to Wait for Message"^) 
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Figure 16B 
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MJ 



766 



MJse 



title signal's key identification to locate the publi 
and decrypt the signal. 



768 

Can the 
decrypted signal 
be confidently identified ^^J^El 
as originating from the 
Verification 
System? 



772 



NO 



^ Return invalid message code^ ^ 

r-Jt , 

(Go to Wait for Message ) 



z. 



744 



^Process signal through encryption algorithm ^ 

i r 116 



Transmit re-encrypted signal back to computer terminal. 
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^o to Wait for Message^ 



Figure 16C 
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Send requested data 
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804 



Prompt user to press the activation button on the 
ilectronic security badge 



(Wait temporarily for button to be pressed ) 



808 




816 



( jSend message indicating signature not provided ^ 

I 

^to to Wait for Message^ 



& 

Figure 16E 
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Encrypt entire document or a special control portion of the 
sdocument and transmit back to the computer terminal 



^ro to Wait for Message^ 



Figure 16F 
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(User presses activation button. ^ 




'836 



Electronic security badge transmits 
identification information and a request 
Jbr data to be returned. 
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Electronic security badge transmits 
identification information and patient 
identification information and a request 
^for data to be returned. 



840 



Wait temporally for a response 
gnal from security badge 



) 




^JEmit sound indicating no response 



856 



^errrunatc date request process ^ 



Figure 17A 
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Store data received. Add date and time to record. 




:> 



878 



Terminate existing 
association. Establish 
association with this 
\patient 



f Emit sound indicating a successful ^\ 
transaction and that the security 
badge is associated with this 
patient . 



880 



Emit sound indicating a successful 
transaction and that the security 
badge is associated with a new 
V patient 

♦ 



Figure 17B 
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Associate the electronic security badge with the newly 
received patient. Add date and time to patient 
formation. Start timer to cancel patient association. 

, T 

CData acquisition completed ^ ) 




884 
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Modify data record, generate database address, and emit sound 
to indicate successful transaction 



9 



Cbata acquisition completed ^ 



£ < 896 

^Modify data record, generate database address if patient ID 
information is available and emit sound to indicate a successful 
^transaction. 

~ — 

( j)ata acquisition completed ^ 

Figure 17C 
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^User presses the dictation button ^ 




Add date and time to record and patient identification 
information previously recorded. Indicate data type is 
dictation, combine user identification number, patient 
identification and date and time to formulate a database address 
to store this data Emit sound indicating successful transaction. 



I 



CjPictation completed ^ 



'916 



Add date and time to record. Indicate data type is dictation, combine 
user identification number, date and time to formulate a generic 
dictation data base address to store this data. Emit sound, indicating 
\ successful transaction. 



Cpictation completed 



Figure 18 
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SECURITY BADGE FOR AUTOMATED 
ACCESS CONTROL AND SECURE DATA 
GATHERING 

FIELD OF THE INVENTION 

The present invention relates to computer systems for the 
management of information distributed across a plurality of 
intermittently and dynamically linked objects. More 
particularly, the present invention relates to a system and 
method for restricting access and monitoring and recording 
communications between a plurality of system users, a 
plurality of computer terminals on a computer network, and 
a plurality of smart devices. Further, the present invention 
relates to a system for logging a system user onto and off of 
a computer terminal through means of a device worn by the 
system user which communicates with the computer termi- 
nal. 

BACKGROUND OF THE INVENTION 

The increasing specialization and complexity of medical 
care has vastly increased the paperwork and record keeping 
that must be maintained by doctors, nurses, and other 
hospital staff persons. This has created an interest in per- 
forming routine record keeping, such as that of statistics 
generated by patient monitoring instruments or of medica- 
tion dispensed for a patient's care that is typically performed 
by staff persons, in a more efficient, automatic, and reliable 
way. The rapid growth of network technologies has also 
created an interest in using the tools of the Internet to create 
a hospital Intranet, to link discrete hospital databases and 
make their data, images, and video records commonly 
accessible through a remote Internet/Intranet browser. The 
ease, however, with which electronically stored information 
may be intercepted and reproduced for illicit purposes has 
prompted increasing concerns regarding the privacy and 
authenticity of electronic information. Privacy and authen- 
ticity of patient information are particularly important con- 
cerns in a hospital. 

Gombrich, U.S. Pat. No. 4,916,441 discloses an electronic 
health care management system using a portable handheld 
pocket terminal for use by medical staff personnel to upload 
data from medical instruments and monitoring devices, 
document and track observations and treatment, display 
scheduling information, and transmit stored information to 
the hospital's patient care database. Gombrich et al., U.S. 
Pat. No. 4,857,716 further discloses the use of barcodes on 
patient bracelets and patient-specific medical items such as 
drugs, blood samples, and IVs to be read by a portable 
handheld pocket terminal with a barcode reader used to 
provide an audit trail and automatic billing when drugs, 
therapy, or procedures are administered to patients. 
However, the pocket terminal of Gombrich is a general - 
purpose, not user-specific, device and does not automatically 
enable information exchange. In order to gain access, a 
caregiver is required to slide a separate card into a separate 
base unit connected to a base station in order to access the 
device. Therefore, the pocket terminal is not well-suited as 
a personal security and identification badge for a particular 
caregiver. The information gathering capabilities of the 
Gombrich device are also limited. The Gombrich system 
contemplates the use of a barcode reading wand to provide 
access, upload information, and authorize the administration 
of treatments and use of medical devices. Further, the 
Gombrich system lacks secure decryption and digital sig- 
nature means. Even if it were adapted so that the public and 
private keys of a cryptographic system were encoded upon 
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a user's access card, the user would have to slide the card 
through the base unit every time a message was to be 
decoded, encrypted, or digitally signed, or in the alternative, 
compromise the security of the cryptographic system by 

5 uploading the user's public and private key rings onto the 
pocket terminal. 

What is needed is a comprehensive data collection, 
management, and security system where information that is 
stored by a variety of hospital devices, such as patient 

10 monitors and bedside patient charting systems, would trans- 
mit information to an electronic "security badge" worn by a 
doctor or nurse authorized to care for the patient with whom 
the hospital device is related. The information exchange 
would take place automatically when the doctor or nurse 

15 came into proximity with the patient and pressed an activa- 
tion button, and would be downloaded, automatically, to the 
hospital computer network when the doctor or nurse logged 
on to a computer terminal. 

A data collection and management system further needs 

20 means for limiting and monitoring access by a multitude of 
users to a hospital computer network including a multitude 
of computer workstations and personal computers. Virtually 
all data regarding a patient's treatment in a hospital, clinic, 
or doctor's office is thought to be private. The problem of 

25 access control and data security is particularly acute in 
hospitals. Because hospitals operate around the clock, with 
multiple shifts and staff persons moving from one floor or 
one wing of the hospital to another, hospitals are unlikely to 
assign a computer terminal to a particular user. Further, a 

30 hospital presents an almost unique problem of having com- 
puter terminals or workstations with sensitive personal data 
in an unsecured environment. Computer terminals or work- 
stations may be placed in unsupervised patient rooms, 
conference rooms, or nurse stations. Each such device may 

35 be able to retrieve all the records for any patient who has 
been in the hospital. Standard password protection presents 
only a small amount of security, as many password choices 
are easily guessed. If the password is complex users often 
write their password and leave it near a computer terminal 

40 or workstation where others may easily discover the pass- 
word. 

Restricted access systems today range from the simple to 
the sophisticated. It is typical for multiuser network systems 
to require a user to log on by entering a name and password 

45 to gain access to system information. The user is typically 
admonished to logout when leaving the workstation envi- 
ronment to prevent unauthorized access. The system may 
automatically log a user off after a predetermined period of 
inactivity. For users who must access the system frequently 

50 but intermittently, short inactivity periods for automatic 
logout will be a source of constant inconvenience. 
Alternatively, if long inactivity periods are used, another 
user may inadvertently use the terminal under the previous 
person's security authorization. Moreover, some users may 

55 frequently choose obvious or easily ascertainable passwords 
that can easily be broken. Others may write them down and 
store them where they may be easily intercepted. While this 
may not be a significant problem with personal computers in 
one's home or locked office, stronger and more reliable 

60 security is appropriate for sensitive information where com- 
puter terminals are shared by many or are located in open 
locations where others could eavesdrop. 

Another restricted access system involves the use of 
user-specific password-generating devices. Typically, a user 

65 seeking access to a secure system is presented a code or 
instruction on a system terminal screen. The user enters the 
code or the information demanded by the instruction, via 
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manual entry or optical coupling, into his own password illegitimate purposes without detection. Also, the container 

generating device. The password generating device then itself is not enablingly disposed with both read and write 

calculates a second code based upon the user's input and an capabilities. Consequently, it does not perform any record 

encryption algorithm stored by the device, and displays this keeping of its own, because the invention as disclosed does 

second code to the user for entry into the computer terminal s D0 t record access, attempted or otherwise, to the container, 

or workstation. After the user enters the second code, the Beltcr mvC ntory control would be provided if auditing could 

computer terminal or workstation then performs a verifica- be per f ornl ed on the containers themselves as they are . 

tion check on it to confirm its creation by the password rcturned for recyc ii ngi Moreover, an improvement could be 

calculator of an authorized user of the computer terminal or made {h h ^ use of intemal oodes such ^ bUc and 

workstation. If confirmed, the user is granted access in JQ private keys rath er than visible barcodes to inhibit attempts 

accordance with the user s system access privileges. (0 overcome ^ access safeguards of ^ systera . 

Yet another restricted access system requires a user to 

insert an authorization card, e.g. a PCMCIA card, into a SUMMARY OF THE INVENTION 
computer card reader to authorize access and to authenticate 

information entered at the computer terminal with the user's 15 ^ P resent invention relates to a limited access system 
digital signature. One potential weakness of such a system for a computer network with a multitude of users. More 
is that a hidden program could present documents for particularly, the present invention relates to a limited access 
signature without the proper control of the user. Another providing automatic log-on and log-out for network 
weakness with these implementations is the relatively high users b y means of coded communications between trans- 
risk that an authorized user will forget to or fail to remove 20 ceiver devices worn by network users and transceiver 
his card in the card reader before he leaves the terminal— a devices connected to computer terminals on the network, 
risk that is particularly acute for a nurse or doctor who may More particularly, the present invention relates to an auto- 
have to leave a terminal in emergency situations to attend to mated and secure data gathering and security system for use 
a patient's care. Also, the loss of the card will result in a in a hospital setting. 

significant inconvenience to the owner and the system 25 Many if not most employees and staff members of a 

administrator. hospital are accustomed to wearing an ID badge on their 

Lemelson, in U.S. Pat. No. 5,202,929 and U.S. Pat. No, uniform, jacket, or around their neck, as a prerequisite to 

5,548,660, discloses an access control system utilizing gaining access to restricted areas and to provide identifica- 

detection devices such as speech recognition equipment and to other employees of the hospital. The preferred 

fingerprint scanners to analyze one or more physical char- 30 embodiment of the claimed invention expands the access 

acteristics of a person attempting access to a computer. The control function of the basic ID badge by using it to facilitate 

system also incorporates physical presence sensors such as access control to the hospital computer network and to 

motion detectors and limit switches embedded in seat cush- information generated by various hospital implements such 

ions to track the presence of an authorized user so as to as monitoring devices. It also adds data buffering and 

prevent continued access to the system when the authorized 35 wireless communication operability allowing it to gather 

user leaves or is absent. This system is primarily directed to information from monitoring devices and hospital instru- 

accessing desktop computer terminals on a sensitive com- ments utilized by the patients receiving the badge -wearer's 

puter network and is not easily adaptable, however, for care. This modified ID badge will hereinafter be described as 

restricting access to laptops, portable instruments, medical a "security badge." 

equipment such as respirators, or electronically-controlled 40 In the preferred embodiment, each computer terminal 

medication dispensers. Moreover, the implementation of the with access to a database on the hospital computer network 

Lemelson invention requires a significant amount of detec- is equipped with a device for wireless information exchange 

tion equipment and analysis software, which may not be with the security badge, using infrared transmitters and 

adaptable to the cost, space, and portability requirements of detectors. To access a computer terminal, a system user 

many devices for which restricted access and auditing 45 (defined as one who is wearing and is authorized to wear a 

control is desired. security badge of the preferred embodiment) positions him- 

There is also a need, for purposes of patient protection, self in front of the computer terminal so that a generally 

quality control, record keeping, billing, and forensics, to unobstructed signal path exists between the security badge 

monitor, control, and record access to the dispensation and and the computer terminal. The computer terminal intermit - 

administration of medicine, IVs, blood transfusions, and 50 tently transmits "interrogation" signals to detect, 

other treatments as well as the collection, administration, authenticate, and establish communications with nearby 

and testing of blood and tissue samples. security badges. If a system user is properly positioned, the 

Gorman, U.S. Pat. No. 5,272,318 discloses a locked security badge may capture and process these interrogation 
container bearing a barcode which can only be opened by signals, returning a signal by which the security verification 
means of a combination that is stored in the memory of a 55 system of the hospital computer network can authenticate 
portable barcode scanning device. In order to ascertain this (i-c, identify and verify) the access privileges of the system 
combination, the medical administrator must scan his own user. The preferred embodiment utilizes public key cryp tog- 
administrator code, the barcode on a patient's bracelet, and raphy in this identification process. 

the barcode on the locked container within a preset time If the security badge is authenticated through this cryp- 

period. If the patient and treatment codes match, the com- 60 tographic exchange, the system user is automatically logged 

bination is displayed so the administrator may inlock the onto the hospital computer network. The computer terminal 

container and apply the medication stored in the container. displays the system user's own customized startup page 

However, the access control of the Gorman invention could through an interactive, hypertext-capable browser interface, 

easily be subverted by writing down the combination that is and the system user may do anything consistent with the 

displayed and opening the container at a later time. As soon 65 access privileges associated with the security badge, 

as the combination was provided, the inventory sought to be Meanwhile, the computer terminal continues to emit its 

controlled could be tampered with or misappropriated for interrogation signals, so that if the signal path between the 
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security badge and the computer terminal is terminated or 
obstructed for more than a preset period of time, which 
could occur, for example, if the system user leaves or turns 
away from the computer terminal, the screen is blanked off 
and the keyboard locked, preventing an intruder from gain- 
ing access to the computer terminal. If the interruption of the 
signal path is short-term, the system may restore access to 
the system user without any change in the display. An 
interruption lasting longer than a predetermined time period, 
for example, one minute, may cause the system user to be 
logged off automatically. 

After the user is logged off, the system may be pro- 
grammed to automatically delete and overwrite any files that 
have been cached on the computer terminal, disk drive, or 
RAM memory device during the system user's use. The 
need for such precautions may be particularly acute with 
typical Intranet/Internet browser programs that maintain 
large cache memories and a record of URL's accessed 
through the browser program. Other steps may be taken to 
prevent "hackers" from gaining unauthorized access to the 
computer terminal. For example, after log-off, the terminal 
may be isolated from remote network access by eliminating 
any network connection, with the exception of the Security 
Verification System, to the terminal. The network connec- 
tion would not be reestablished until the next successful 
cryptographic exchange between the security badge of a 
system user and the computer terminal. 

In the preferred embodiment, the security badge can be 
used to perform several other functions relating to data 
collection and data security. Other devices throughout the 
hospital may be equipped with transceiver devices capable 
of communicating patient-related information to the security 
badge. Such devices may include patient identification wrist 
bracelets, patient monitors, bedside patient charting systems, 
patient identification displays, medical instruments, and 
other hospital implements (more generally referred to as 
"smart devices"). Communication between such smart 
devices and a security badge may be enabled when the 
system user comes into proximity with the smart devices. 
This would enable information recorded by the system user 
onto the security badge about the patient to be automatically 
identified with the appropriate patient for record keeping, 
reference, and billing purposes. Should, for example, the 
current readings and settings from a patient monitor, 
ventilator, or other device be recorded, or a dictation be 
made about the patient's condition, the information is auto- 
matically identified with the patient's identification data 
provided by the device or a separate device for patient 
identification. If the hospital uses a system of electronic 
labeling or smart devices for medication containers or blood 
or IV bags, any information obtained from these electronic 
labels or smart devices is identified with the patient. 

Standardized formatting and organization of data as it is 
recorded may also be achieved, so as to reduce the amount 
of human intervention, and the concomitant risk of error, 
needed to modify and archive the data for display and 
storage. In the preferred embodiment, as it receives infor- 
mation via dictation or from hospital implements, the secu- 
rity badge generates a database address for storing the 
information as a record and formats the record for browser- 
compatible presentation. Preferably, the information is for- 
matted to a standard consistent with the hypertext markup 
language (HTML) or with a Java applet that will handle the 
data. In this manner a user seeking to reference the records 
at a later time will not be required to locate special programs 
to present the data, but will be provided full access to the 
records through a single program such as a typical network 
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browser or through the processing capabilities of a Java 
enabled processor. 

After the security badge has collected and properly for- 
matted data from smart devices, it may transmit the infor- 

5 mation to a computer terminal onto which it is logged. 
Moreover, the authenticity of the information transmitted 
may be guaranteed by having it digitally signed by the 
security badge prior to transmission. 

Another aspect of the present invention provides limited 

10 access, via the security badge, to a medical container. This 
medical container could hold such things as medication, lVs, 
and blood samples for which an audit trail is desirable. 
Before a system user can administer treatment, information 
must be exchanged between the medical container and the 

15 security badge authorizing the treatment. The medical con- 
tainer records the patient and system user identification and 
time of treatment in memory and transmits the patient 
identification to the security badge. As an extra precaution 
the security badge may be required to have previously 

20 received the patient identification from a patient bracelet or 
another device having the patient identification and capable 
of compatible transmission means. This provides for a 
double audit trail of administered treatment, decreasing the 
probability of cover-ups for mistreatments or misappropria- 

25 tion of prescription medicine. The recorded information will 
be transferred to the hospital computer network twice, first 
when the data records from the security badge are transmit- 
ted to the network, and second when the medical container 
is returned for accounting and recycling. 

An object of the claimed invention is to provide a self- 
authenticating identification badge to provide automatic 
logon and logout access to a computer system, so as to 
minimize the number of times a sign -on process is repeated 

35 and to minimize the amount of manual input required while 
maximizing the security of the restricted-access system or 
device. The present invention transforms the typical hospital 
identification badge from an implement for identification 
and access privileges with respect to other individuals to an 

40 implement for computerized identification and access privi- 
leges. 

A more particular object of the claimed invention is to 
provide a self-authenticating identification badge that 
remains in frequent communication with a computer device, 

4 5 system, or network to verify the badge wearer's presence. 
The computer device, system, or network will be pro- 
grammed to terminate access if this communication is 
interrupted. This may be implemented through the use of 
optical, magnetic, electric, radiofrequency, or infrared com- 

50 munications between the badge and a computer system or 
hospital electronic implement. To access the system, the user 
wearing the badge must point the badge in the general 
direction of the transceiver connected with the computer 
system or hospital electronic implement being accessed. 

55 When the user leaves the general vicinity of the computer 
system or hospital electronic implement, communication 
between the badge and the computer system or hospital 
implement is interrupted. During this interruption, the sys- 
tem will go into a lock mode preventing others from 

60 accessing, eavesdropping, or intercepting information on or 
from the system or implement. 

Another object of the claimed invention is to reduce the 
amount of manual data entry, record keeping, and manage- 
ment by providing automated documentation of patient 

65 condition, prognosis, and administration of care. A related 
object of the claimed invention is to minimize the amount of 
training necessary to implement a comprehensive data 
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collection, data security, and data management system for 
hospital and patient records. One aspect in which this object 
is advanced is in the invention's operability to utilize a 
variety of relatively inexpensive browser applications. 

Still another object of the claimed invention is to provide 
a hospital intranet system to integrate and automate the 
processes of staff and patient identification, inventory 
control, comprehensive record keeping and auditing of 
patient treatment, and data collection and management for 
analysis, browser-based reference, and storage. 

Yet another object of the claimed invention is to provide 
a portable transceiver and data buffering device for auto- 
mated information retrieval at the point and time of care. The 
present invention implements a self- authenticating identifi- 
cation badge providing self- identification to and electronic 
retrieval of data stored in a variety of hospital electronic 
implements including diagnostic and monitoring devices 
and electronic lock-lid containers for medicines, IVs, blood 
samples, etc. 

Still another object of the claimed invention is to provide 
a portable transceiver and data buffering device incorporat- 
ing cryptography to prevent intelligible unauthorized inter- 
ception of transmitted data. This cryptography may also be 
used to digitally sign and authenticate information that is 
transmitted by a data transceiver and buffering device to a 
computer system. 

Yet another object of the claimed invention is to provide 
for easy, browser-based reference of a patient's data records. 
The present invention provides for automatic formatting of 
data records as they are created or introduced into or 
retrieved from the database system. A portable transceiver 
and data buffering device according to the present invention 
may generate database addresses for data it records for 
storage when downloaded to the system. It may also incor- 
porate identification and time stamps into data records stored 
by the device or the addresses of the data records. Further, 
the portable transceiver and data buffering device may 
modify data it records to conform to a standard, such as that 
of the hypertext markup language (HTML) or a Java applet, 
amenable for display by a network browser or a Java enabled 
computer. 

Yet another object of the claimed invention is to provide 
a portable transceiver and data buffering device with a 
digital dictaphone to digitally record messages for storage 
with a patient's data records. 

Still another object of the claimed invention is to provide 
a limited access medication dispenser that conditions access 
on the time of attempted treatment, the identity of the system 
user attempting to administer the medication disposed 
within the container, and the identity of the patient for whom 
the medication was dispensed. The medication dispenser 
may also record the time and identities of the patient and 
system user for accounting and billing purposes. 

Yet another object of the claimed invention is to provide 
a hospital intranet system capable of double-auditing in the 
administration of medicines, IVs, or blood samples disposed 
within an electronic lock-lid medical container. Both the 
portable transceiver and data buffering device and the lock- 
lid medical container would store information about the 
identity of the nurse or doctor dispensing the treatment, the 
patient being treated, and the time treatment was given. This 
double-auditing function provides more thorough inventory 
control and better protection of patients through better 
detection of mismanaged care, detection that is not easily 
subverted by a staff-person's attempts to conceal the treat- 
ment. 
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BRIEF DESCRIPTION OF THE DRAWINGS 

The present invention is more easily understood with 
reference to the drawings, in which: 

FIG. 1 is a perspective view of a security badge capable 
of communicating with computer terminals and a plurality 
of smart devices. 

FIG. 2 is a perspective view of a wrist bracelet to be worn 
by patients or other persons to provide identification through 
10 wireless communication with security badges or other smart 
devices. 

FIG. 3 is a plan view of a computer terminal or worksta- 
tion being operated by a system user where access is 
conditioned upon communications between the security 
15 badge and the computer terminal. 

FIG. 4 is a plan view of a hospital patient room equipped 
with a variety of computerized monitoring, treatment, and 
information devices. 

FIG. 5 is a perspective view of a medical container 
20 equipped with an electromechanical locking device con- 
trolled by communications through transceiver components. 

FIG. 6 is a block diagram of various electrical compo- 
nents which may be incorporated within the security badge. 

FIG. 7 is a block diagram of a computer network accord- 
25 ing to the present invention, including a plurality of work- 
stations and databases for data record retrieval and storage 
and a security verification system. 

FIG. 8 presents the base memory contents of a security 

30 bad S e * 

FIG. 9 presents the contents of the information transferred 
from a wrist bracelet according to the present invention to a 
security badge. 

FIG. 10 presents the contents of the information trans- 
35 ferred from a medical container according to the present 
invention to a security badge. 

FIG. 11 presents the contents of a digital message record 
incorporating a dictated message and other information 
corresponding to the dictated message. 
40 FIG. 12 is a list of information transferred from a patient 
monitoring or therapeutic device to a security badge. 

FIG. 13Ais a textual representation of a URL address of 
medical dispensation record formed in part from the 
patient's identification number and a timestamp. 
45 FIG. 13B is a graphical representation of a medical 
dispensation record with HTML codes for displaying the 
information in a network browser. 

FIG. 13 C is a graphical representation of the record of 
5Q FIG. 13B as it would be viewed by a system user through a 
network browser. 

FIG. 14A is a graphical representation of a medical 
administration record with HTML codes for displaying the 
information in a network browser. 
55 FIG. 14B is a graphical representation of the record of 
FIG. 14A as it would be viewed by a system user through a 
network browser. 

FIGS. 15A-15F are a functional flow chart showing the 
steps a computer terminal executes in logging on a system 
60 user using a security badge for identification. 

FIGS. 16A-16F are a functional flow chart showing the 
steps a security badge executes in logging on to a computer 
system, sending data, or signing a document. 

FIGS. 17A-17C are a functional flow chart of the steps a 
65 security badge executes in establishing an association with 
a patient and acquiring data from other computerized 
devices. 
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FIG. 18 is a function flow chart of the steps a security 
badge follows to record and generate addresses for dictated 
messages. 

DETAILED DESCRIPTION OF THE 
PREFERRED EMBODIMENT 

The present invention may be adapted for use in a wide 
variety of applications, and is suitable for any environment 
in which numerous data records having one or multiple 
forms and/or formats are to be collected, stored, archived, 
retrieved, or translated. By way of illustration and not by 
way of limitation, the preferred embodiment is presented in 
the context of a hospital environment, in which typically 
there are numerous computer systems in use by various 
health care professionals in one or several hospitals, and 
each professional often desires to have access to the patient 
records created by other professionals in that or other 
hospitals. 

In FIG. 1, the mobile transceiver and data buffering device 
of the preferred embodiment is illustrated as a security 
badge 10 which may be clipped to a person's clothing or 
worn by chain around a person's neck. While this embodi- 
ment implements the claimed invention on an ID badge, the 
claimed invention could be instantiated in other shapes, such 
as a ring or a personalized pointing device. In keeping with 
its preferred resemblance to a typical identification badge, 
the security badge 10 is affixed with identification text 12 
and graphic display 16. The security badge 10 incorporates 
a wireless communication means 14, an audible alerting 
device 20, an activation button 18, a microphone and 
digitizer 22, and a dictation button 26. The security badge 10 
may also incorporate additional electronic identification 
means 30, such as a magnetic strip. Because of its low cost, 
energy efficiency, minimally regulated status, and standard- 
ization by the Infrared Data Association (IrDA), infrared 
transmitter and receiver components (not illustrated) sup- 
porting serial infrared communications links are the pre- 
ferred wireless communication means 14 of the invention. A 
variety of infrared communications devices, such as Hewlett 
Packard's HSDL-1001 transceiver components, may be 
used to implement the preferred communication means. 
Alternatively, other communication means — such as 
acoustic, radiofrequency, or electromagnetic coupling — may 
be supported. The graphic display 16 of the security badge 
10 may be any of a variety of forms, including but not 
limited to a photograph, a light emitting diode array, a liquid 
crystal panel, and an active-matrix display. Security badge 
10 also incorporates processor circuitry 260 illustrated in 
FIG. 6. 

In FIG. 2, the wrist bracelet of the preferred embodiment 
is illustrated as a patient identification bracelet 40 having a 
flexible, extendible band 44, a securing clasp 48, a process- 
ing device 56, and wireless communication means 52, The 
patient identification bracelet is similar to existing bracelets 
used to identify patients in hospitals, with the exception of 
the processing device 56 and communication means 52, 
which are added. Textual information (not illustrated) is 
typically affixed to the extendible band 44. Communication 
means 52 are preferably, but may not be, similar to the 
wireless communication means 14 of the security badge 10. 
The processing device 56 of FIG. 2 includes a memory 
element that contains a variety of patient identification 
information (see 320, FIG. 9), regarding the patient to whom 
the wrist bracelet 40 is attached. 

FIG. 3 graphically illustrates a typical setup that would 
permit communications between a system user 68 wearing a 
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security badge 10 and a computer terminal 60 equipped with 
wireless transceiver device 64 compatible with the wireless 
communication means 14 (FIG. 1) of the security badge 10. 

FIG. 4 sets forth a plan drawing of a patient's room 104 
including a computer terminal or workstation 60, a patient 
monitor 80, and a patient treatment device 116, each 
equipped with wireless transceiver device 64. Also shown is 
a patient bed 88 and an optional bedside communication 
device 96 which may or may not be compatible with 
wireless transceiver device 64. Communication device 96 
may be connected to an optional patient identification dis- 
play 100 equipped with wireless transceiver device 64 or to 
a patient identification display 120 outside of the room 104. 

FIG. 5 sets forth a graphical representation of the medical 
container 200 of the preferred embodiment. Medical con- 
tainer 200, which may be used to transport and provide 
auditing and limited access for medications, blood or tissue 
samples, or other inventory, includes a lid 204, a securing 
latch 232, a latch release button 228, and an electronic 
identification device 224. Textual identification 208 may be 
attached to the lid 204. The electronic identification device 
224 includes wireless communication means 212 compat- 
ible with communication means 14 (FIG. 1) of the security 
badge 10, and may also include an activation button 220 and 
an audible alerting device 216. Release of the latch may be 
conditioned on a time -window for treatment, the successful 
exchange of identification information between a system 
user 68*s security badge 10 and the electronic identification 
device 224, and the manual depression of the latch release 
button 228. The audible alerting device 216 may serve to 
remind the system user 68 when it is time to apply the 
enclosed treatment. The electronic identification device 224 
further includes means, not illustrated, for storing the medi- 
cation information structure 340 of FIG. 10. 

FIG. 6 sets forth a diagram of the processor circuitry 260 
of the security badge 10, which includes a processor 250 
which may be linked to several of the following: a battery 
252, a real-time clock 254 to provide the current time and 
date, a memory element 262, an audible alerting device 20, 
infrared transmitter and detector device 22, a dictation 
button 26, and a display 258 such as a light emitting diode 
array, an LCD screen, or a passive or active matrix screen. 
An illustration of certain "base contents" 300 that may be 
stored by the memory element 262 is set forth in FIG. 8. 

Referring now to FIG. 7, the overall system of the 
preferred embodiment is illustrated as an electronic system 
referred to as computer network 194, including a plurality of 
personal computers or computer terminals comprising work- 
stations 154 and 155 (designated "Workstation 1" and 
"Workstation N"), which may be located in patient rooms, 
nurse stations, doctor offices, and administrative offices; a 
plurality of databases comprising databases 158 and 162 
(designated "Database 1" and "Database N"); an Admit, 
Discharge, and Transfer (ADT) system 166; at least one 
laboratory system 170; various bedside treatment devices 
178 such as ventilators and IV infusion pumps; patient 
monitoring devices 182; a pharmacy system 186; a security 
verification system 168; and a unit dose medication dis- 
penser 150. The individual components of the computer 
network 194 may communicate with each other via a 
communication network 190, which may comprise a com- 
bination of local and wide area networks, using etheraet, 
serial fine, token ring, wireless, or other communication 
standards. Communication network 190 may also be 
arranged in such a manner to be part of the Internet or as an 
individual Intranet. The functions performed by the various 
components of the preferred embodiment of the computer 
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network 194 may be divided among multiple computer 
systems or consolidated into fewer components. 

A. Operation of a Computer Terminal in Access 
Control 

In the preferred embodiment, authentication and data 
security will be illustrated through the use of conventional 
"public key" cryptography, such as that implemented in 
RSA, though other well-known techniques for authenticat- 
ing a user and securing transmitted data may be employed. 
In implementing public key cryptography, the security 
badges and computer terminals are equipped with "private 
key rings" of one or more private keys and a "public key 
ring" of one or more public keys. Depending upon their 
sophistication and the sensitivity of the information they 
contain, other smart devices in the hospital, such as moni- 
toring devices or medical instruments, may also be equipped 
with cryptographic means. The private keys of each security 
badge 10 are never transmitted or otherwise made accessible 
outside the security badge 10, For strong compression, each 
public and private key would typically be at least 128 bytes 
long. Today, the preferred implementation for smart card 
encryption capabilities utilizes the Advanced RISC Micro- 
processor (ARM), such as the ARM 6, the ARM 710, or a 
variety of customized chips integrating the ARM 
technology, such as the Mykronics Capstone or VLSPs 
VMS 210. A variety of other processors, including the Intel 
x86 processor, would also be suitable. 

FIGS. 15A-15F describe the operation of a computer 
terminal 60 (FIG. 3) in establishing and monitoring access 
by a system user 68 wearing a security badge 10 (FIG. 1). 
Access is established by providing a substantially unob- 
structed signal path between the physical wireless commu- 
nication means 14 (FIG. 1) (preferably comprising infrared 
transmitter and receiver components (see FIG. 1)) of the 
security badge 10 and the wireless transceiver device 64 of 
the computer terminal 60. The establishment of an unob- 
structed signal path is facilitated by having the security 
badge 10 worn on or attached to the front of the system user 
68 attempting to logon the computer terminal 60. While it is 
not necessary that the security badge 10 be worn by or 
attached to the clothing of the system user 68, securing the 
security badge 10 to the system user 68 minimizes the 
probability that it will be lost by the system user 68. 

Commencing with FIG. 15A, in step 600 the computer 
terminal 60 transmits an interrogation signal, which is 
fashioned from a private key of the security verification 
system 168 (FIG. 7) of the computer network 194, a large 
random number, and other identification information unique 
to the security verification system 168. Provided a substan- 
tially unobstructed signal path exists between the wireless 
transceiver device 64 (FIG. 3) of the computer terminal 60 
and the wireless communication means 14 (FIG. 1) of a 
security badge 10, the security badge 10 will intercept, 
process, and be operable to return a part of the interrogation 
signal in a re-encrypted form (according to the operation of 
the security badge 10 set forth in FIGS. 16A-16F, infra). 

In step 604, the computer terminal 60 waits for a period 
sufficient to allow a security badge 10 to receive, process, 
re-encrypt, and re -transmit the interrogation signal. If no 
return response is received, in step 608 the computer termi- 
nal 60 waits for a predetermined period of lime and, return- 
ing to step 600, transmits another interrogation signal. If a 
return response is received, in step 612 the format of the 
return response is evaluated. If the format is unrecognized, 
in step 608 the computer terminal 60 wails for a predeter- 
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mined period of time and, returning to step 600, transmits 
another interrogation signal. 

If a return response of a recognized format is received by 
the computer terminal 60, in step 616 it is decrypted or 

5 authenticated using the public key of the security badge 10 
which returned the response. In a public key cryptographic 
system, encryption with a private key uniquely identifies the 
system user 68 possessing that key (assuming the private 
key has not been stolen) because an encrypted message can 

10 only be decoded using the public key matching the system 
user 68's private key. Accordingly, the security verification 
system 168, which stores the public keys of each security 
badge 10 given access privileges to the computer network, 
attempts to decrypt the re-encrypted interrogation signal 

15 using the public keys it retains. 

There are at least two ways in which the decryption 
procedure may be carried out. In one procedure, the security 
verification system 168 attempts to decrypt the response 
signal, one public key at a time, until either a successful 

20 decryption is achieved or all the public keys stored by the 
security verification system 168 fail. Preferably, however, 
the identification information will have been appended to the 
encrypted portion of the return response purporting to iden- 
tify the security badge 10. The security verification system 

25 1 68 then attempts to decrypt the return response using the 
public key corresponding to the appended identification 
information. A successful decryption identifies the security 
badge 10 that originated the return response. If the decryp- 
tion is successful, a verification algorithm is used to compare 

30 the decrypted return response to the original, p re-encrypted 
interrogation signal. 

It would, of course, be possible to program the computer 
terminal 60 itself to perform some or all the functions of the 

35 security verification system 1 68. A physically separate secu- 
rity verification system 168, however, will safeguard the 
computer network 194's private keys and the list of public 
keys of valid system users, preventing appropriation of the 
keys by one breaking into the computer terminal 60 itself. 

40 As an additional precaution, the security badge 10 may be 
programmed to detect and reject interrogation signals that 
are short and probabilistically non-random. This would 
frustrate a cryptanalyst's attempt to derive a security badge 
10' s private key by interrogating the security badge 10 with 

45 short messages and intercepting the re -encrypted response. 
This precaution is especially justified if the security badge 
10 is adapted to communicate with devices and computer 
terminals foreign to the computer network 194 and its 
security verification system 168. This precaution may also 

50 limit the damage that could be imposed were a private key 
of the security verification system 168 compromised. 

In step 620, if the decryption and verification failed to 
identify a security badge 10 having access privileges to the 
computer terminal 60, then the operation proceeds again to 

55 step 608, where the computer terminal 60 waits for a 
predetermined period of time and, returning to step 600, 
transmits another interrogation signal. 

Because a security badge 10 may be misplaced by or 
stolen from a system user 68, additional security measures 

60 are warranted. The security verification system 168 may be 
programmed to require that a system user 68 manually enter 
a password at the beginning of each day. Alternatively, the 
system could require manual password entry at random 
times throughout the day, even while the system user 68 is 

65 logged on, flagging possible theft and unauthorized use of 
the security badge 10 should the proper password not be 
detected. Further, a switch may be incorporated onto the 



12/15/2003, EAST Version: 1.4.1 



5,9t 

13 

security badge 10 to force it into a mode requiring password 
entry. More elaborate means, including voice identification 
or a fingerprint or retinal scan, could also be incorporated 
into the security badge 10 or at computer terminals 60 to 
reinforce such security. It is to be expected, however, that 
should a system user 68 be dispossessed of a security badge 
10, that he or she immediately notify the system security 
administrator to deactivate the access privileges of the 
security badge 10. 

Provided a security badge 10 having access privileges to 
the computer terminal 60 has been identified, in step 624 the 
security verification system 168 determines whether or not 
to require the entry of a password to enable logon by the 
system user 68. This procedure provides a safeguard should 
the security badge 10 be stolen, deterring unauthorized 
logon attempts with the threat that the security verification 
system 168 will detect the breach and apprehend the viola- 
tor. 

If password entry is required, then in step 632 the com- 
puter terminal 60 prompts the system user 68 for a password. 
Information that is entered may not only be processed by the 
computer terminal 60, but also transmitted to the security 
badge 10 in encrypted form in order to reset a flag main- 
tained by the security badge 10 indicating that password 
entry is required. In step 636, the password is analyzed. If 
the wrong password has been entered, in step 640 a counter 
is incremented. If the wrong password was entered less than 
three consecutive times (step 640), the security verification 
system 168 returns to step 632 and again prompts the system 
user 68 to enter the password. After three failed attempts 
(step 640), however, in step 644, the security verification 
system 168 disables recognition of the security badge 10, 
records the location of the failed attempt, and notifies the 
system administration to alert it to a possible attempted 
breach of the system. 

If within the first three attempts, the correct password is 
entered, the operation advances to step 648, logging the 
system user 68 onto the computer terminal 60 and providing 
access to program features and databases in accordance with 
the access privileges of system user 68. In step 652, the 
computer terminal queries the security badge 10 for the 
existence of data records to transfer to the computer network 
194 and causes the security badge 10 to transmit them, if 
any, to the computer terminal 60 for database storage, in 
accordance with the operation detailed in FIGS. 16A-16F. 

After the completion of the data transfer, if warranted, by 
the security badge 10 to the computer terminal 60, the 
computer terminal 60 will continue to periodically poll the 
security badge 10 with recommitment signals. These recom- 
mitment signals may be specifically addressed to the system 
user 68*s security badge 10 and may incorporate a different 
random number with each polling. Further, these recommit- 
ment signals may be encrypted with the security badge 10*s 
public key stored by the security verification system 168, 
instead of or in addition to encryption by the security 
verification system's private key, so that they may only be 
intelligibly decrypted by the security badge 10 itself, using 
its own exclusively-guarded private key. By periodically 
polling the security badge 10, the user input and output 
devices of the computer terminal 60, including the monitor, 
keyboard, and mouse, can be disabled if the computer 
terminal ceases receiving response signals from the security 
badge 10. A system user 68 may also be automatically 
logged out by means of periodic polling. 

This process of periodic polling is illustrated in steps 656 
through 692 of FIGS. 15C-15E. The computer terminal 
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waits for a predetermined interval in step 656, transmits a 
recommitment signal in step 660, and probes for a response 
signal in step 664. If there is a recommitment response 
signal, in step 668 its content is evaluated. If the content of 

5 the recommitment response signal is accepted, the operation 
proceeds to step 696, discussed infra. If either there is no 
recommitment response signal in step 664, or if the content 
of the recommitment response signal is rejected in step 668, 
an idle/invalid link counter (not illustrated) maintained by 

10 the security verification system 168 and whose initial value 
relative to the logon event was zero, is incremented in step 
672. 

The idle/invalid link counter permits the system user 68 to 
temporarily turn away from the transceiver device 64 of the 

35 computer terminal 60 or to otherwise interfere with the 
signal path. However, if the computer terminal 60 does not 
receive a recommitment response signal after several 
requests, the display of the computer terminal 60 is blanked, 
input from any keyboard or pointing device may be ignored, 

20 and other processing activities may be suspended. The 
computer terminal 60, however, continues to transmit 
recommitment signals. Should the system user 68' s security 
badge 10 respond within a second period of time, the display 
will be restored to its previous condition and the keyboard, 

25 pointing device, and processor will resume normal opera- 
tion. If the security badge 10, however, does not transmit a 
correct recommitment response signal during the second 
period of time, the system user 68 is automatically logged 
off the computer network 194. When the user is logged off 

30 the computer system, a software program may also be used 
to remove any temporary files that have been stored on disk 
or in RAM memory, e.g. the cache file used by the network 
browser program. Furthermore, access by the computer 
terminal 60 to the computer network 194 may be terminated 

35 with the exception of the link between the computer terminal 
60 and the security verification system 168, which may be 
preserved to determine if a new user is attempting to use the 
computer terminal 60 to log onto the computer network 194. 
In this manner a system user 68's access to the computer 

40 network 194 is restricted while logged off and enlarged 
while logged on. 

This computer terminal access security operation is 
described more particularly in steps 676 through 692 of 
FIGS. 15D-15E The value of the idle/invalid link counter is 

45 compared in step 676 to a predetermined disable I/O limit. 
If that value does not exceed the disable I/O limit, the 
periodic polling continues with step 656. If and when the 
value of the idle/invalid link counter does exceed the disable 
I/O limit, in step 684, the input and output devices of the 

50 computer terminal 60 are disabled, if they have not been 
previously disabled (step 680). In step 688, the value of the 
idle/invalid link counter is compared to a predetermined 
logout limit. Periodic polling is continued in step 656 if the 
value of the idle/invalid link counter does not exceed the 

55 logout limit. If and when this value is exceeded, in step 692 
the system user 68 is logged off the computer terminal 60 
and information stored in memory or cache on the computer 
terminal by the user is overwritten. 

If the content of the recommitment response signal is 

60 valid (step 668), in step 696 the security verification system 
168 processes the signal through a verification algorithm, 
attempting to decrypt the signal with public keys and 
comparing the decrypted output with the original recommit- 
ment signal. If the decrypted output matches the original 

65 recommitment signal (step 700), then in step 704 the com- 
puter network 194 recognizes that the system user 68 is still 
using the computer system. The idle/invalid link counter is 
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reset and the display and other input and output functions of 
the computer terminaJ 60, if disabled, are restored. If the 
decrypted output does not match the original recommitment 
signal (step 700), then in step 708 the computer network 194 
recognizes that another system user 68 is nearby. If the value s 
of the idle/invalid link counter exceeds a third limit (step 
712), then the original system user 68 is logged off, memory 
cache and temporary workspace utilized by the original 
system user 68 or applications executed by or through the 
original system user 68 is deleted and/or overwritten, and the 10 
new system user 68 is logged on to the computer terminal. 
If the value of the idle/invalid link counter has not yet 
exceeded a third limit (step 712), then the new system user 
68 is recognized but not logged onto the terminal, for the 
original system user has not been logged off for a sufficient 15 
period of time. 

B. Operation of a Security Badge in Access 
Control 

FIGS. 16A-16F describe the operation of a security badge 2 o 
10 (FIG. 1) in responding to interrogation and recommit- 
ment signals transmitted by a proximately located computer 
terminal 60 (FIG. 3). In order to conserve power, the security 
badge 10 is preferably capable of alternating between sleep 
and wake states. During a sleep state, the security badge 10 25 
is not responsive to signals transmitted by computer termi- 
nals 60 and other proximate smart devices, and may be 
essentially "invisible" to such devices. This alternating 
sleep/wake cycle is described in steps 724 through 732. In 
step 724, the security badge 10 maintains a wake state in 30 
which it is capable of receiving and transmitting signals 
through its wireless communication means 14. If in step 728, 
the time allotted for the wake state has expired and no signal 
has been received via the wireless communication means 14 
of the security badge 10, then in step 732 the security badge 35 
10 is powered down for the allotted duration of its sleep 
state, before cycling back to the wake state of step 724. 

If a signal is received during its wake state, however, the 
alternating sleep and wake cycle is suspended in order to 
process and respond to the signal. In step 736, the security 40 
badge 10 processes and identifies the signal. If the signal is 
identified as a nonspecifically addressed signal (step 740) or 
as being addressed to the instant security badge 10 process- 
ing the signal (step 742), then further evaluation of the signal 
is performed, beginning with step 760, discussed infra. 45 

A signal that is neither nonspecifically addressed (step 
740) nor specifically addressed (step 742) to the instant 
security badge 10 is regarded as being extrinsically 
addressed to a second security badge 10. This situation may 
arise when two system users 68 with two security badges 10 50 
are in the vicinity of the same computer terminal 60, one of 
them being logged onto the computer terminal 60. In step 
744, the extrinsically addressed signal is evaluated to deter- 
mine whether or not it is of a nature seeking an identification 
signal from the second security badge 10. If not, the instant 55 
security badge 10 ignores the extrinsically addressed signal 
and retires to wake state 724. If, however, the extrinsically 
addressed signal is of a nature requesting an identification 
signal, in step 752 the instant security badge 10 pauses to 
permit the second security badge 10 to transmit its identi- 60 
fication signal. In step 756, the security badge 10 then 
transmits its own identification signal to the computer ter- 
minal 60 to indicate its presence, retiring afterward to wake 
state 724. This may allow the security verification system 
168 to temporarily blank the screen to prevent unauthorized 65 
access to data by one system user 68 through the access 
privileges of another system user 68. Alternatively, after 
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repeated failures by the computer terminal 60 to receive a 
response signal from the second security badge 10, the 
second system user 68 may be logged out and the instant 
system user 68 logged in. 

In the event that the signal was either nonspecifically 
addressed (step 740) or specifically addressed to the instant 
security badge 10 (step 742), the operation advances to step 
760, where the signal is further evaluated to determine 
whether it is an interrogation or recommitment signal, in 
which case it would have been encrypted by a private key of 
the security verification system 168. If in step 760 it is 
identified as an interrogation or recommitment signal, then 
in step 764, a key ID tag appended to the signal is used to 
locate the public key stored in the memory element 262 
(FIG. 6) of the security badge 10, with which it decrypts the 
signal. 

In step 768, the decrypted signal is evaluated for infor- 
mation positively or probabilistically identifying the secu- 
rity verification system 168 as the source of the signal. This 
step implements the precaution of programming the security 
badge 10 to detect and reject interrogation signals that are 
too short or probabalistically non-random. If the decrypted 
signal is not distinguishable as originating from the security 
verification system 168, then in step 772, the security badge 
10 stores and transmits an invalid message code, retiring to 
wake state 724. If the decrypted signal is recognized as 
originating from the security verification system 168 (step 
768), then in step 774, the signal or a portion thereof is 
reencrypted using the private key of the security badge 10 
and transmitted, in step 776, to the computer terminal 60. 
Following this transmission, the security badge 10 retires to 
wake state 724. 

Turning back to step 760, if the signal is not identified as 
an interrogation or recommitment signal, in step 784 the 
signal is evaluated to determine whether it is prompting the 
security badge 10 to transmit stored data to the computer 
terminal 60, in which case in step 788 the data is transmitted 
before the security badge 10 retires to wake state 724. If the 
signal was not identified as a prompt for data transfer (step 
784), then in step 794 the signal is evaluated to determine 
whether it is prompting the security badge 10 to delete 
specified data, in which case in step 796 the specified data 
is deleted before the security badge 10 retires to wake state 
724. 

If the signal was not identified as a request to delete 
specified data (step 792), then in step 800, the signal is 
evaluated to determine whether it is prompting the security 
badge 10 to digitally sign a document or data record using 
its private key. If the signal is not identified as a request to 
digitally sign a document, the signal is treated as an unspeci- 
fied command, upon which the security badge 10 takes no 
action, instead retiring to wake state 724. If the signal is 
identified as requesting a digital signature (step 800), in step 
804 the computer terminal 60 or the security badge 10, by 
means of its audible alerting device 20, prompts the system 
user 68 to depress the activation button 18. In step 808 the 
security badge 10 waits for the system user 68 to respond for 
a limited time period. In step 812, if the activation button 18 
has not been depressed before the expiration of this limited 
time period, then in step 816 the security badge 10 returns 
a signal indicating that the signature has not been provided, 
retiring then to wake state 724. In this manner a digital 
signature will not be provided without the affirmative agree- 
ment and action of the system user 68. If in step 812, the 
activation button 18 had been depressed within the limited 
time period, in step 820 the document or a message digest 
of the document is encrypted in whole or in part and 
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transmitted to the computer terminal 60, the security badge 
10 afterward retiring to wake state 724. 

Though not illustrated, the activation button 18 may be 
pressed for several seconds in order to suspend automatic 
logon access to a computer terminal 60 without being 
prompted to enter a password. The security badge 10 may 
emit an audible sound to indicate that automatic logon has 
been suspended. 

C. Operation of a Security Badge in Gathering 
Data 

FIGS. 17A through 17C describe the operation of a 
security badge 10 in gathering and exchanging data with 
smart devices with which it is in communicable range. This 
operation is described particularly, but not by way of 
limitation, in the context of a hospital, where the exchange 
of information between a security badge 10 and a plurality 
of smart devices assigned to various patients and distributed 
throughout the hospital may be limited by the access privi- 
leges corresponding to patients whom or with whom the 
system user 68 is authorized to diagnose, treat, or interact. 
A single hospital room 104 (FIG. 4) may include a number 
of smart devices, including a computer terminal or work- 
station 80, a patient identification display 100, a bedside 
communication device 96, a patient treatment device 116, 
and a patient monitor 60, each of which may communicate 
with the security badge 10 or, in some circumstances, with 
each other. 

In the preferred embodiment, data exchange between a 
security badge 10 and a smart device directed to a particular 
patient is conditioned upon and must be preceded by estab- 
lishing an "association" between the system user 68 and the 
patient to whom the smart device is directed. Preferably, an 
association is digitally recorded by the security badge 10 in 
the form of information uniquely identifying the patient, the 
smart device and/or the security badge 10 itself, and the time 
and date of the association. This information may later be 
appended to data records exchanged with smart devices and 
computer terminals 60, providing the data records with a 
complete audit trail. Further, smart devices and security 
badges 10 themselves may also digitally record associations 
in a same or similar fashion. 

Turning to step 824, a system user 68 attempts to initiate 
a communication link or exchange information with a smart 
device by depressing the activation button 18 (FIG. 1). 
Depending on the sophistication of these devices and the 
sensitivity of the information they contain, the communica- 
tions established with these smart devices may or may not 
utilize public key cryptography. While link initialization 
may be automated rather than user-initiated, making the 
links user-initiated allows the security badge 10 to conserve 
energy and prevents unnecessary link initialization with 
devices about which the system user 68 is not concerned. 
The smart device preferably has compatible communication 
means with the security badge 10, both of which are 
preferably oriented in sufficient directional and spatial prox- 
imity to prevent other smart devices from also responding to 
signals transmitted by the security badge 10. Alternatively, 
the smart devices may be individually and manually enabled 
to communicate through the use of activation switches 
incorporated in the smart devices. Provided that the signal 
path between the security badge 10 and the smart device is 
substantially unobstructed and short enough that signal 
transmissions are not excessively attenuated, a communica- 
tions link is established. In step 828, the security badge 10 
evaluates the existence, if any, of an association between the 
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security badge 10 and any patient (not necessarily the 
particular patient to which the linked smart device is 
directed). If there is no association, in step 832 the security 
badge 10 transmits to the smart device its own identification 

S information and a request for data to be returned. If there is 
an association, in step 836 the security badge 10 transmits its 
own identification information, patient identification infor- 
mation (of the patient with whom the security badge 10 is 
associated), and a request for data to be returned. Steps 832 

30 and 836 are each followed by step 840, in which the security 
badge 10 waits for a predetermined time period for a 
response from the smart device. If no response is received 
within the predetermined time period (step 848), then in step 
852 the security badge 10 emits a first audible sound to alert 

as the system user 68 that no response was received from the 
smart device, and in step 856 the operation initiated by the 
system user 68 in step 824 is terminated. If instead a 
response is received before the predetermined time period 
elapses (step 848), then in step 860 the data contained in the 

20 response signal is stored as a data record, and a timestamp 
is added to the data record. 

If the data record recorded in step 860 is a patient 
identification record (step 864), and if the security badge 10 
is already associated with that patient (step 868), then in step 

25 876 the security badge 10 emits a second audible sound 
readily distinguishable to the human ear from the first 
audible sound of step 852, signaling to the system user 68 
that the security badge 10 is associated with the patient and 
that the exchange of information was successful. 

30 If the data record recorded in step 860 is a patient 
identification record (step 864), but the security badge 10 is 
not associated with any patient (steps 868 and 872), then in 
step 874 the security badge 10 records an association with 
the patient and in step 876 emits said second audible sound. 

If the data record recorded in step 860 is a patient 
identification record (step 864), but the security badge 10 is 
associated with a second patient (steps 868 and 872), then in 
step 878 the association with said second patient is closed 

4Q and a new association is established. In step 880 the security 
badge 10 emits said second audible sound twice to indicate 
the closure of a previous association and the initiation of the 
current association. 

If the data record recorded in step 860 is not a patient 

45 identification record (step 864) but if the security badge 10 
has been associated with a patient (step 888), then in step 
892 the data record is modified to include staff and patient 
identification previously recorded in establishing the current 
association between security badge 10 and patient. The 

50 timestamp (recorded in step 860) and patient identification 
are further used to formulate a database address destination 
to store the data after it is transferred to the computer 
network 194 (FIG. 7). Further, the security badge 10 emits 
said second audible sound to indicate the successful trans- 

55 action. 

If the data record recorded in step 860 is not a patient 
identification record (step 864) and if the security badge 10 
has not been associated with a patient (step 888), then in step 
896 the data record is modified to include identification 

60 information attributable to the system user 68 (FIG. 3) to 
which the security badge 10 is assigned. If the data record 
includes patient information, it and the timestamp (recorded 
in step 860) are further used to formulate a database address 
destination to store the data after it is transferred to the 

65 computer network 194 (FIG. 7). Further, the security badge 
10 emits said second audible sound to indicate the successful 
transaction. 
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FIG. 9 illustrates the contents of the patient identification 
information 320 that may be transmitted by a wrist bracelet 
to a security badge 10 during a communications link with the 
security badge 10. 

Although not illustrated by flow chart, an association with 
a patient may be is manually terminated by depressing 
activation button 18 for a few seconds, after which the 
security badge 10 emits an audible sound to indicate that the 
association has been terminated. An association with a 
patient may also be automatically terminated after a suffi- 
cient period of inactivity with respect to the security badge 
10, 

FIG. 18 describes the operation of the security badge 10 
in digitally recording dictation. While observing or treating 
a patient, system user 68 may, in step 900, press the dictation 
button 26 (FIG. 1) and dictate messages (step 904) into the 
microphone 22 of the security badge 10. Digitizing circuitry 
incorporated in the processing circuitry 260 (FIG. 6) of the 
security badge 10 digitizes the message (step 904), which is 
recorded as a message record in memory element 262. If the 
security badge 10 is associated with a patient at the time the 
dictation is recorded (step 908), then in step 912 patient 
identification information and a timestamp are incorporated 
into the message record. Further, in step 912 a database 
address is formulated for the message record using the 
timestamp, the dictation data type, and patient identification 
information. Further, in step 912 the security badge 10 emits 
said second audible sound. If the security badge 10 is not 
associated with a patient at the time the dictation is recorded 
(step 908) 7 then in step 916 a timestamp is incorporated into 
the message record. Further, in step 916 the dictation data 
type and timestamp are combined to form a partial database 
address for the message record. Further, in step 916 the 
security badge 10 emits said second audible sound. FIG. 11 
illustrates the dictation information 360 that may be incor- 
porated in the message record. 

Other aspects, not included in FIGS. 17A through 17C, 
may be involved in communicating with or between certain 
smart devices. In one embodiment, the presence of a system 
user 68 in proximity to a patient enables communication 
between the patient's wrist bracelet 40 (FIG. 2) and the 
system user 68's security badge 10. The communication link 
may be initiated by depressing the activation button 18 on 
the security badge 10 and/or an activation button (not 
illustrated) on said wrist bracelet 40, provided there is a 
complete signal path between the security badge 10 and the 
wrist bracelet 40. Once a communication link is established, 
the security badge 10 identifies the patient and records the 
establishment of an association with that patient. The secu- 
rity badge 10 may also request and receive additional 
information stored by the wrist bracelet 40, providing a 
beep, vibration or other sensational signal to indicate a 
successful transmission or to alert the system user 68. The 
wrist bracelet 40 may also record in its own memory the staff 
identification information and current date and time from the 
security badge 10 to provide an audit trail of the caregivers 
who have associated themselves with the patien. If commu- 
nication and association is established with another wrist 
bracelet 40 or, if not, after a preset period of time has 
elapsed, the security badge 10 regards the association to 
have terminated and alerts the system user 68 to this fact 
with another beep, vibration or other sensational means of 
communication. 

In another embodiment, the wireless communication 
means 52 of wrist bracelet 40 (FIG. 2) may utilize alternate 
communication means, such as magnetic coupling or low 
power radio transmission, rather than the preferred infrared 
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means of the security badge 10. Similarly, the bedside 
communication device 96 (FIG. 4) of a patient bed 88 may 
also utilize alternate communication means. Further, the 
communication range of wrist bracelets 40 or other smart 

5 devices may be limited in order to prevent two devices from 
receiving the same request. Instead of communicating 
directly with the security badge 10, the wrist bracelet 40 may 
communicate with patient identification display 100 directly 
or indirectly via communication with the communication 

30 means of a bedside communication device 96. A patient 
identification display 100 may also have transceiver device 
64 compatible with the communication means 14 of the 
security badge 10. The smart devices may be arranged and 
implemented so that the patient identification display 

35 retrieves the patient identification information from the wrist 
bracelet 40 and electronically displays it. The patient iden- 
tification display 100 may be programmed to cease display- 
ing the patient identification information if the patient bed- 
side device 96 no longer senses the presence of the patient. 

20 Patient chairs may be similarly equipped with smart devices 
to sense the presence of a patient and to convey such 
information to a patient identification display 100, Further, 
in order to establish an association with a patient, the 
security badge 10 may be required to establish a communi- 

25 cation link with the patient identification display 100 instead 
of or in addition to the wrist bracelet 40, which patient 
identification display 100 would in turn transmit the patient 
identification information to the security badge 10, This 
would permit the transfer of patient identification informa- 

30 tion without the possible necessity of disrupting the patient 
in order to establish a communication link with the patient's 
wrist bracelet 40. 

If a new patient comes to occupy the patient room 104 or 
the patient bed 80, the patient identification display 100 

35 would obtain the new patient identification information from 
the wrist bracelet 40 worn by the patient and may be 
structured to transmit that information to the Admit, Dis- 
charge and Transfer System 166 (FIG. 7) of the computer 
network 194. Alternatively, the patient identification display 

40 100 could display a request for input indicating whether or 
not the new patient is to be marked as having been trans- 
ferred to the instant patient room 104. A patient monitoring 
device 80 (FIG. 4) or bedside treatment device 178 (FIG. 7) 
may reject a data exchange request from a security badge 10 

45 if the system user 68 wearing the security badge 10 is not 
authorized or cleared to diagnose or administer treatment to 
the patient. FIG. 12 illustrates the contents of the monitoring 
or treatment device information 380 that the bedside treat- 
ment device or patient monitoring device 80 may transmit to 

50 the security badge 10 if the data exchange is authorized. As 
part of a double-audit function, the monitoring device 80 or 
the bedside treatment device 178 would itself record any 
data transaction made with a security badge 10. 

The present invention also provides a medical container 

55 200 (FIG. 5) equipped with an electronic identification 
device 224, programmable memory, and two-way commu- 
nication means 212. In order for a system user 68 to 
administer medication to a patient, a hospital may make use 
of a medical container 200 (FIG. 5) according to the present 

60 invention, which limits access to the medication disposed 
within said medication container 200 upon the exchange of 
identification information between the system user 68*s 
security badge 10 and the medical container 200. FIG. 10 
illustrates the medication information 340 that a medical 

65 container 200 may transmit to a security badge 10 after 
access to the medication has been cleared. Preferably, both 
the security badge 10 and the medical container 200 store 
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information, including time, staff and patient identification 
(collectively, "circumstances"), related to the transaction. 
Access to the medication disposed within the medical con- 
tainer 200 may be conditioned first upon the transfer and 
clearance of patient and staff identification from the security 
badge 10 to the medical container 200, in the form of a 
message generated by the security badge 10 indicative of the 
circumstances associated with the information or transac- 
tion. Receipt of such message and resulting verification of 
the transaction prevents medication from being inadvert- 
ently administered to the wrong patient. Access is provided 
by releasing the securing latch 232 of the medical container 
200. The security badge 10 may also alert the system user 68 
via an audible sound, vibration, or other sensational means 
to remind the system user 68 to administer the appropriate 
treatment. Means are also provided to permit the system user 
68 to indicate that less than the entire amount of medication 
dispensed within the container 200 was administered. After 
the medication has been administered, the medical container 
200 would preferably be returned to the pharmacy system 
186 (FIG, 7), the unit dose medication dispenser 150, or to 
an appropriate workstation 154 or 155, where information 
relating to the administration of the medication, including 
the time, staff, and patient identification, would be transmit- 
ted to the computer network 194 for storage in a database 
158 or 162. 

D. System and Method for Dynamic Formatting 
and Address Generation of Data Records 

One aspect of the claimed invention provides that data 
records generated, recorded, and/or transmitted by the plu- 
rality of smart devices and security badges 10 be formatted 
and addressed according to uniform standards in order to 
minimize the need for human intervention in categorizing 
and archiving the hospital's many patient data records. 
Preferably, data records are formatted and addressed accord- 
ing to conventions, such as Java and the hyper text markup 
language (HTML), supporting interactive display by a mul- 
timedia display application such as a commercially available 
Internet browser or similar display, entry, and retrieval 
program using standardized formatting instructions. By for- 
matting the data record in HTML format or as part of a Java 
applet or other display-compatible format, the receiving 
computer terminal or workstation will not need any addi- 
tional programming or input to display or manipulate the 
data record. Preferably, formatting and addressing of data 
records received by the security badge 10 is done partially 
or entirely by the security badge 10 itself, using timestamps, 
patient identification, and the base contents 300 (FIG. 8) 
incorporated into the memory element 262 (FIG. 6) of the 
security badge 10. In this manner all the information 
required to handle the data record and to send it to an 
appropriate database is included in the data record trans- 
ferred from the security badge 10. 

FIGS. 13A through 13C and 14A through 14B illustrate 
data records relating to the dispensation and administration 
of medication. 

FIGS. 13A through 13C set forth a medication dispensa- 
tion record 404 after it has been formatted according to 
HTML and uniform resource locator (URL) conventions. 
FIG. 13B illustrates the HTML codes incorporated into the 
medication dispensation record 404. FIG. 13C illustrates the 
medication dispensation record 404 as it is displayed by a 
browser 412, including hypertext links 416 and 420, 
respectively, to the patient's demographic record and the 
bibliographic record of the system user 68 who dispensed 
the medication. FIG. 13 A illustrates the URL 400 generated 
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for the medication dispensation record 404 which identifies 
the location at which it is or will be stored. Preferably, 
several data elements of a medication dispensation record 
404 are stored by the medical container 200 as a medical 

5 information structure 340 (FIG. 10) when medicine is dis- 
pensed into the medical container 200. The medication 
dispensation record 404 is transmitted to a security badge 10 
as part of a data exchange that takes place when a system 
user 68 administers the medicine disposed within the medi- 

1Q cal container 200. 

FIGS. 14A through 14B illustrate the medication admin- 
istration record 440, which is the medication dispensation 
record 404 (FIG. 13B) as modified by the security badge 10. 
FIG. 14A illustrates the HTML codes incorporated into the 

is medication administration record 440. A security badge 10 
that is associated with a patient will modify a medication 
dispensation record 404 that it receives from a medical 
container 200 (FIG. 5). Additions made to the medical 
administration record 440 include medication quantity fields 
456 and 460 (FIG. 14A) indicating how much of the 
dispensed medicine was administered, provided that the 
system user 68 (FIG. 3) indicated that less than the full 
amount of medication dispensed was administered. Other 
additions include a report type field 448, a patient verifica- 

25 tion field 452, system user identification 464, and the date 
and time 468 access to the medical container 200 was 
provided, presumably indicating the time the medicine was 
administered. Hidden fields 472, incorporating information 
to be transmitted along with the record but concealed from 

3Q view through the browser display, may also be added. 
Information appropriately concealed may include the initial 
quantities of medication dispensed, which information may 
be compared with the amount actually administered. Submit 
field 476 may be added to provide that contents of the hidden 

35 fields 472, including the entered medication quantities, may 
be transmitted for storage in a database 158 or 162 at the 
URL address indicated in the form field 444 of the medical 
administration record 440. 

FIG. 14B illustrates the medication administration record 

4Q 440 as it is displayed by a browser 480, including fields 492 
and 496 indicating how much medicine was actually dis- 
pensed. When formatted data 440 is transmitted to a com- 
puter terminal 60, the security badge 10 may be programmed 
to emulate a file structure device, wherein the open file 

45 command of the browser 480 may be used to request data 
from the security badge 10. 

The medical administration record 440 can be formatted 
as part of a Java applet and when transferred to a Java 
enabled computer terminal 60 can be displayed and modified 

50 without additional program codes. 

While a particular embodiment of the invention has been 
illustrated and described, it will be obvious to those skilled 
in the art that various changes and modifications may be 
made without sacrificing the advantages provided by the 

55 principle of construction disclosed herein. 
What is claimed is: 

1. A method of initiating and maintaining access between 
a person having a mobile transceiver and data buffering 
device and an electronic system containing information and 
60 connected to a compatible transceiver device, said method 
comprising the steps of: 

a. authenticating said mobile transceiver and data buffer- 
ing device with said electronic system; 

b. upon successful completion of said authenticating step, 
65 initiating access by one of at least said person and said 

mobile transceiver and data buffering device to said 
electronic system; 
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c. intermittently generating recommitment signals in said 
electronic system; and 

d. receiving said recommitment signal in said mobile 
transceiver and data buffering device and transmitting 
a recommitment response signal to said electronic 
system in response thereto, thereby maintaining access 
to said electronic system. 

2. The method according to claim 1, further comprising 
the step of terminating access to said electronic system if 
said electronic system does not receive said recommitment 
response signal after one of at least a first preset time period 
and a first preset number of unanswered recommitment 
signals. 

3. The method according to claim 1, further comprising 
the step of suspending access to said electronic system if 
said electronic system does not receive said recommitment 
response signal after one of at least a first preset time period 
and a first preset number of unanswered recommitment 
signals. 

4. The method claim 3, wherein the step of suspending 
access to said electronic system is implemented by inter- 
rupting input to and output from a computer terminal in 
communication with said electronic system. 

5. The method according to claim 3, further comprising 
the step of restoring access to said electronic system if said 
electronic system does receive said recommitment response 
signal after one of at least a first preset time period and a first 
preset number of unanswered recommitment signals but 
before one of at least a greater second preset time period and 
a greater second preset number of unanswered recommit- 
ment signals. 

6. The method according to claim 5, further comprising 
the step of terminating access to said electronic system if 
said electronic system does not receive said recommitment 
response signal after one of at least said second preset time 
period and said second preset number of unanswered recom- 
mitment signals. 

7. The method of claim 2 or claim 6, wherein said 
electronic system comprises a computer network including 
a computer terminal having temporary storage. 

8. The method of claim 7, further comprising the step of 
conditioning access upon said person's entry of a password. 

9. The method of claim 7, further comprising the steps of 
enlarging the connection between said computer terminal 
and said computer network when access is initiated and 
restricting the connection between said computer terminal 
and said computer network when access to said electronic 
system is terminated. 

10. The method of claim 7, further comprising the step of 
removing any said information remaining in said temporary 
storage of said computer terminal provided that access to 
said computer network is terminated. 

11. The method of claim 7, wherein said electronic system 
and said mobile transceiver and data buffering device 
employ public key cryptography. 

12. The method of claim 7, further comprising the step of 
providing access through an interactive browser interface on 
said computer terminal. 

13. A mobile transceiver and data buffering device for 
staff and data authentication and capable of sharing digital 
information with a compatible transceiver device, said trans- 
ceiver and data buffering device comprising: 

a. a processor; 

b. means associated with said processor for receiving an 
interrogation signal transmitted over a wireless 
medium from said compatible transceiver device; 

c. means associated with said processor for transmitting 
an authenticating response over a wireless medium to 
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said compatible transceiver device, said authenticating 
response being responsive to said interrogation signal; 

d. means associated with said processor for receiving 
intermittent recommitment signals generated by said 
said compatible transceiver device; and 

e. means associated with said processor for transmitting a 
recommitment response signal to said compatible 
transceiver device in response thereto, thereby main- 
taining access to said compatible transceiver device. 

14. A controlled-access information system comprising: 

a. a mobile transceiver and data buffering device for staff 
and data authentication, said transceiver and data buff- 
ering device comprising: 

a processor; 

means associated with said processor for receiving an 
interrogation signal transmitted over a wireless 
medium from a compatible transceiver device; 
means associated with said processor for transmit- 
ting an authenticating response over a wireless 
medium to said compatible transceiver device, said 
authenticating response being responsive to said 
interrogation signal; means associated with said pro- 
cessor for receiving intermittent recommitment sig- 
nals generated by said said compatible transceiver 
device; and 

means associated with said processor for transmitting a 
recommitment response signal to said compatible 
transceiver device in response thereto; and 

b. a compatible transceiver device connected to said 
information system and in communication with said 
mobile transceiver and data buffering device. 

15. The controlled-access information system of claim 14, 
further comprising means for terminating access to said 
information system if said information system does not 
receive said recommitment response signal after one of at 
least a first preset time period and a first preset number of 
unanswered recommitment signals. 

16. The controlled-access information system of claim 14, 
further comprising means for suspending access to said 
information system if said information system does not 
receive said recommitment response signal after one of at 
least a first preset time period and a first preset number of 
unanswered recommitment signals. 

17. The controlled-access information system of claim 16, 
further comprising means for restoring access to said infor- 
mation system if said information system does receive said 
recommitment response signal after one of at least a first 
preset time period and a first preset number of unanswered 
recommitment signals but before one of at least a greater 
second preset time period and a greater second preset 
number of unanswered recommitment signals. 

18. The controlled-access information system of claim 17, 
further comprising means for terminating access to said 
information system if said information system does not 
receive said recommitment response signal after one of at 
least said second preset time period and said second preset 
number of unanswered recommitment signals. 

19. The controlled-access information system of claim 15 
or claim 18, wherein said information system comprises a 
computer network including a computer terminal having a 
data storage device. 

20. The controlled-access information system of claim 19, 
further comprising means for accepting entry of a password. 

21. The controlled-access information system of claim 19, 
further comprising means for enlarging the connection 
between said computer terminal and said computer network 
when access is initiated and restricting the connection 
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between said computer terminal and said computer network devices selected from the group consisting of computers, 

when access to said information system is terminated. instruments, monitors, and treatment devices in a hospital. 

22. The controlled-access information system of claim 21, 26. The mobile transceiver and data buffering device of 
wherein said mobile transceiver and data buffering device claim 24, wherein said data storage device comprises a 
weighs less than five kilograms and is substantially suitable 5 computer terminal. 

for attachment to an article of apparel. f 21 ■ ™ e mobUe tran^eiver and data buffering device of 

23. The controlled-access information system of claim 19, ^ 26 > wherein information ls associated in said 
further comprising means in said mobile transceiver and moblle tr f D f e ! v ^ r an " ata buflfenn « device witii a circum- 
data buffering device for digitally signing communications stance f lect f d from he S rou P oonastmg of the date when 
4 , > j . • j j * / j ■ *u u * j rt said information was transmitted to said mobile transceiver 
to be transmitted to said data storage device through said 10 and ^ buffefing ^ lime when ^ information 

transmission means. was transmitted to said mobile transceiver and data buffering 

24. A mobile transceiver and data buffering device for devicCj the identity of a patient with which said first smart 
staff and data authentication and communication with a device was associated, and the identity of said wearer of said 
plurality of smart devices, said mobile transceiver and data mobile transce iver and data buffering device. 

buffering device comprising: 15 28. The mobile transceiver and data buffering device of 

a. means for identifying a wearer of said mobile trans- claim 27, further comprising means for generating a mes- 
ceiver and data buffering device; sage to said smart device indicative of the circumstance with 

b. a memory for storing information; which said information is associated. 

c. means for receiving information carried on a wireless M f 29 ' ™%™ bUe traQSCeiver and data b » fferin g device of 
medium for storage to said memory, whereby said 20 claim 26 ftirther comprising: 

plurality of smart devices may communicate with said means for the wearer to impending receipt of 

mobile transceiver and data buffering device; information from said first smart device; 

j o _ r f _ • c nrTT1 , t : nn r m "j m „ mnr%1 means for permitting the wearer to indicate acceptance of 

d. means for transmitting information trom said memory . * . ° . j • 

^ „ „ • ,„u 0 ^k„ *«;a mrt K;io )f , nr said information from said first smart device, 

over a wireless medium, whereby said mobile trans- 75 ,„ „ . ., . • . . , ~ . , , f 

ceiver and data buffering device may communicate , 30 - ™ e ™ blle traDSCelver and data devic * ° f 

with said plurality of smart devices; claim "> briber compnsmg means of digitally signing data 

./ _ , . records to be transmitted to said data storage device through 

e. means for identifying a first smart device in proximity sajd transmission meanSj wh ereby said data storage device 
with said transceiver and data buffering device; ^ eQabled tQ authenticate said mobile transceiver and data 

f. means for automatically extracting information from 30 buffering device as the source of said information. 

said first smart device; 31. The mobile transceiver and data buffering device of 

g. means for transmitting said information to a data claim 26, wherein said information is received from said first 
storage device with which said mobile transceiver and smart device by said transceiver and data buffering device 
data buffering device is in proximity, whereby infor- and formatted for storage as a data record in a standardized 
mation contained in a smart device is uploaded sub- 35 format. 

stantially automatically to said mobile transceiver and 32. The mobile transceiver and data buffering device of 

data buffering device, and later downloaded to said data claim 31, wherein said standardized format is the hypertext 

storage device. markup language. 

25. The mobile transceiver and data buffering device of 

claim 24, wherein said plurality of smart devices comprise ***** 
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At Col. 3, line 61, please delete "inlock" and substitute-unlock-therefor. 

At Co.. 10, line 40 before "device" tasert- components 14, an activation button 18, 
microphone and analog-to-digital converter--. 
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